New TROJAN Attack: video.haberturk.com
The e-mail I received today contained the following message:
AS HABER TÜRK, WE ARE PUBLISHING THE STUNNING NEWS STORY OF THE YEAR OVER THE INTERNET BECAUSE OF THE PUBLICATION BAN IN THE ERGENEKON CASE.
WE HAVE OBTAINED THE FOOTAGE, GUARDED WITH EXTREME CARE BY THE PROSECUTORS, OF DENİZ BAYKAL'S FACE-TO-FACE MEETINGS WITH ABDULAH ÇATLI, OF HIS HOSTING YEŞİL AT CHP HEADQUARTERS, AND OF HIS MEETINGS WITH HURŞİT TOLON AND VELİ KÜÇÜK.
THE MEETINGS CONTAIN DIALOGUE THAT YOU WILL NOT BELIEVE YOUR EARS AT AND DETAILED DISCUSSIONS OF THE PLANNED COUP. WATCH IT; YOU WILL NOT BELIEVE YOUR EARS AND EYES.
HABER TÜRK, INDISPUTABLY TURKEY'S BIGGEST INTERNET NEWSPAPER
After this message came an attached file named video.haberturk.com (107 Kb), compressed with WINRAR. Since I was naturally suspicious of such a file, I scanned it online with the VIRUSTOTAL system and obtained the results below.
As the results show, the attachment that was sent is a VIRUS, and its real purpose is to capture the private information and passwords on your system…
Antivirus | Version | Last Update | Result |
a-squared | 4.0.0.101 | 2009.04.08 | Trojan-Spy.Win32.Agent!IK |
AhnLab-V3 | 5.0.0.2 | 2009.04.07 | – |
AntiVir | 7.9.0.138 | 2009.04.07 | – |
Antiy-AVL | 2.0.3.1 | 2009.04.07 | – |
Authentium | 5.1.2.4 | 2009.04.08 | W32/Agent.CT.gen!Eldorado |
Avast | 4.8.1335.0 | 2009.04.07 | – |
AVG | 8.5.0.285 | 2009.04.07 | SHeur2.ZRU |
BitDefender | 7.2 | 2009.04.08 | – |
CAT-QuickHeal | 10.00 | 2009.04.07 | – |
ClamAV | 0.94.1 | 2009.04.07 | – |
Comodo | 1102 | 2009.04.07 | – |
DrWeb | 4.44.0.09170 | 2009.04.08 | – |
eSafe | 7.0.17.0 | 2009.04.07 | – |
eTrust-Vet | 31.6.6442 | 2009.04.07 | – |
F-Prot | 4.4.4.56 | 2009.04.08 | W32/Agent.CT.gen!Eldorado |
F-Secure | 8.0.14470.0 | 2009.04.08 | Trojan-Spy.Win32.Agent.akwx |
Fortinet | 3.117.0.0 | 2009.04.07 | – |
GData | 19 | 2009.04.08 | – |
Ikarus | T3.1.1.49.0 | 2009.04.08 | Trojan-Spy.Win32.Agent |
K7AntiVirus | 7.10.695 | 2009.04.07 | – |
Kaspersky | 7.0.0.125 | 2009.04.08 | Trojan-Spy.Win32.Agent.akwx |
McAfee | 5577 | 2009.04.07 | Generic Delphi |
McAfee+Artemis | 5577 | 2009.04.07 | Generic Delphi |
McAfee-GW-Edition | 6.7.6 | 2009.04.07 | – |
Microsoft | 1.4502 | 2009.04.07 | – |
NOD32 | 3994 | 2009.04.07 | – |
Norman | 6.00.06 | 2009.04.07 | – |
nProtect | 2009.1.8.0 | 2009.04.08 | – |
Panda | 10.0.0.14 | 2009.04.07 | Trj/CI.A |
PCTools | 4.4.2.0 | 2009.04.07 | – |
Prevx1 | V2 | 2009.04.08 | – |
Rising | 21.24.12.00 | 2009.04.07 | – |
Sophos | 4.40.0 | 2009.04.08 | Mal/Generic-A |
Sunbelt | 3.2.1858.2 | 2009.04.08 | Trojan.Unclassified.gen |
Symantec | 1.4.4.12 | 2009.04.08 | Trojan Horse |
TheHacker | 6.3.4.0.303 | 2009.04.07 | – |
TrendMicro | 8.700.0.1004 | 2009.04.07 | – |
VBA32 | 3.12.10.2 | 2009.04.07 | – |
ViRobot | 2009.4.7.1682 | 2009.04.07 | – |
VirusBuster | 4.6.5.0 | 2009.04.07 | – |
Additional Information
File size: 238121 bytes
MD5...: c103b348b93e7eefab3db605b2bc4e5b
SHA1..: 84e302abfa86a280ac98f358737188a5f3f47bb0
SHA256: ab7fa58761cf8a11dbb01cc513d45b51ee07daa62ac336d424d62446b7c2a3cd
SHA512: d99d07fa1e4401b4a3010406708972ed70706a6c60c8d28dbee989eaab273515b1c2b576a09d9b89714a40ccaeca308e11a916900f9804a631fd6946840a4507
ssdeep: 6144:OwLI2BSV/gUOW55yZx2qAGV0OxuTBpf1of:Ob2BSSUOSohBuTNof
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft
TrID..: File type identification
Win32 Executable Borland Delphi 7 (58.5%)
Win32 Executable Borland Delphi 5 (39.4%)
Win32 Executable Generic (0.7%)
Win32 Dynamic Link Library (generic) (0.6%)
Win16/32 Executable Delphi generic (0.1%)
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=c103b348b93e7eefab3db605b2bc4e5b