2008/12/01

kavo.exe execution activity log

VirusTotal scan results for the USB-drive virus kavo.exe:
Antivirus engine  Version  Last updated  Scan result ("-" in the result column means the engine did not flag the file)
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - Win32:Kavos
AVG - - PSW.OnlineGames.2.U
BitDefender - - Packer.Malware.NSAnti.1
CAT-QuickHeal - - Trojan.Krap.b
ClamAV - - -
Comodo - - TrojWare.Win32.PSW.OnlineGames.~YC
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Packed.Win32.Krap.b
Fortinet - - W32/Krap.B
GData - - Packer.Malware.NSAnti.1
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - Packed.Win32.Krap.b
McAfee - - Generic PWS.y
McAfee+Artemis - - Generic PWS.y
Microsoft - - PWS:Win32/Frethog.AJ
NOD32 - - Win32/PSW.OnLineGames.NMY
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - Cloaked Malware
Rising - - -
SecureWeb-Gateway - - Trojan.Crypt.XPACK.Gen
Sophos - - Mal/Frethog-B
Sunbelt - - -
Symantec - - W32.Gammima.AG
TheHacker - - -
TrendMicro - - TSPY_FRETHOG.GK
VBA32 - - -
ViRobot - - -
VirusBuster - - Packed/Krap

Additional information
MD5: 0ab7de319326e0208fd565b7d073bd68
SHA1: 6e2b5bcafa708605cbb02074c44ddd63fc89d326
SHA256: 662119cca7074edf723cd31715ae3f0fc6d8c4d9d7dbb4c0e29e7b8f4b4c19aa

Registry changes after execution (Regshot comparison):
Values added:
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\kava: "C:\WINDOWS\system32\kavo.exe"

Values modified (each value is listed twice: data before the run, then data after):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A0 BA 94 B3 92 D1 94 F4 26 EE 88 FE FE 31 4A 62 68 58 42 6F 5D 92 0A 2D B6 5C 49 6B 57 DA 3E AA 4B 8F 29 C2 E8 C7 6F E7 A1 DA 98 89 B5 DB 67 2C 02 AB 9F 24 EC F7 B0 41 D7 AA 65 24 CD 3A CF F8 E6 62 DA 6E D6 50 E5 97 64 1E 58 63 05 C7 71 CB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 50 73 6F 77 E7 3C 55 35 B3 04 50 85 AA F4 FF 84 2A 48 AD AD 61 34 B5 DD 38 6B B0 07 23 1F 1F 62 8D BB 21 3F E7 DD 1A FC 65 21 EF E2 BD 0E DE B9 CD 57 0B 45 8A B7 FA 5B 82 55 FF 08 BE D0 3A 10 B9 41 CB F7 E6 62 43 BC 97 F8 96 47 53 50 F6 48
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000001
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000001
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 04 00 00 00 40 00 00 00 40 33 61 BA AA 64 C9 01
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 04 00 00 00 41 00 00 00 B0 17 F5 C2 AA 64 C9 01

File changes after execution:
Files added:
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll

Files modified:
C:\Documents and Settings\zero\NTUSER.DAT.LOG
C:\WINDOWS\Prefetch\REGSHOT.EXE-107302DE.pf
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system.LOG
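As an added example (not code from the original post), the Python script below reads a Regshot-style diff like the one above, pairs every modified value with its previous data, flags the changes that matter in this log (the new Run value, and the three Explorer settings that make hidden and protected operating-system files invisible), and decodes the ROT13-obscured UserAssist entry. Its input is a constructed excerpt built from the post's own key paths and data, with the two long RNG\Seed blobs shortened; the meaning assigned to each Explorer value and the XP UserAssist record layout (4-byte session id, 4-byte raw run counter, 8-byte FILETIME, all little-endian) are my assumptions, not anything the post states.

```python
"""Triage a Regshot text diff for the registry changes a USB worm makes.

Added example; not from the original post. The SAMPLE text is a constructed
excerpt: key paths and data are copied from the post, RNG\Seed blobs shortened.
"""
import codecs
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

SAMPLE = r"""Values added:
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\kava: "C:\WINDOWS\system32\kavo.exe"

Values modified:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: A0 BA 94 B3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 50 73 6F 77
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000001
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden: 0x00000002
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000001
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 04 00 00 00 40 00 00 00 40 33 61 BA AA 64 C9 01
HKEY_USERS\S-1-5-21-527237240-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 04 00 00 00 41 00 00 00 B0 17 F5 C2 AA 64 C9 01
"""


@dataclass
class Change:
    path: str
    old: Optional[str]  # None for a freshly added value
    new: str


def parse_regshot(text: str) -> List[Change]:
    """Regshot prints a modified value twice on consecutive lines (old data,
    then new data), so the 'Values modified' section is walked in pairs."""
    sections = {}
    current = "?"
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.endswith(":") and "\\" not in line:  # section header
            current = line[:-1]
            sections[current] = []
            continue
        path, _, data = line.partition(": ")  # first ': ' ends the key path
        sections.setdefault(current, []).append((path, data))
    changes = [Change(p, None, d) for p, d in sections.get("Values added", [])]
    mod = sections.get("Values modified", [])
    for (p_old, d_old), (p_new, d_new) in zip(mod[0::2], mod[1::2]):
        if p_old != p_new:
            raise ValueError("unpaired entry in 'Values modified': " + p_old)
        changes.append(Change(p_old, d_old, d_new))
    return changes


RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# Explorer values whose new data hides files from the user (assumed meanings).
EXPLORER_HIDING = {
    "Folder\\Hidden\\SHOWALL\\CheckedValue": ("0x00000000", "neuters the 'Show hidden files' option"),
    "Advanced\\Hidden": ("0x00000002", "sets Explorer to 'Do not show hidden files'"),
    "Advanced\\ShowSuperHidden": ("0x00000000", "hides protected operating-system files"),
}


def triage(changes: List[Change]) -> List[str]:
    findings = []
    for c in changes:
        if c.old is None and RUN_KEY.search(c.path):
            findings.append("persistence: new Run value %r -> %s" % (c.path.rsplit("\\", 1)[-1], c.new))
        for suffix, (bad, why) in EXPLORER_HIDING.items():
            if c.path.endswith(suffix) and c.new == bad and c.old != bad:
                findings.append("hiding: %s %s -> %s (%s)" % (suffix, c.old, c.new, why))
    return findings


FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_userassist(c: Change) -> Tuple[str, int, datetime]:
    """ROT13 the value name and unpack the assumed XP layout of the 16-byte data."""
    name = codecs.decode(c.path.rsplit("\\", 1)[-1], "rot13")
    raw = bytes.fromhex(c.new.replace(" ", ""))
    count = int.from_bytes(raw[4:8], "little")          # raw counter as stored
    filetime = int.from_bytes(raw[8:16], "little")      # 100 ns ticks since 1601
    last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return name, count, last_run


def analyse(text: str = SAMPLE):
    changes = parse_regshot(text)
    findings = triage(changes)
    userassist = [decode_userassist(c) for c in changes if "\\UserAssist\\" in c.path]
    return changes, findings, userassist


if __name__ == "__main__":
    _, findings, userassist = analyse()
    for f in findings:
        print(f)
    for name, count, when in userassist:
        print("UserAssist %s: raw counter %d, last run %s" % (name, count, when.isoformat()))
```

Run on the sample it reports one persistence finding, three file-hiding findings, and decodes HRZR_EHACNGU to UEME_RUNPATH with the raw counter stepping from 0x40 to 0x41 as the executable was launched. The RNG\Seed changes are not flagged: Windows rewrites that seed during normal operation, so it appears in almost every Regshot diff. Likewise, the REGSHOT.EXE prefetch file in the "Files modified" list above is the footprint of the analysis tool itself, not of kavo.exe.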
