New Virus Warning: (Haberturk Varan 2)

Today I received an e-mail whose subject line made me suspicious, so I checked it and found a virus. Here are the details…

Details of the e-mail:

Subject: 'VARAN 2' SECOND SHOCK FOR DENİZ BAYKAL.. WE ARE PUBLISHING DENİZ BAYKAL'S SECOND SEX VIDEO

Attachment: video.haberturk.rar (339Kb)

Body:

HABERTURK.COM TURKEY'S LARGEST INTERNET NEWSPAPER

THE SECOND PART OF THE SEX FOOTAGE OF DENİZ BAYKAL AND NESRİN BAYTOK, THE FIRST OF WHICH WAS PUBLISHED EARLIER, HAS BEEN SENT TO OUR NEWS DESK UNDER THE NAME VARAN 2. BECAUSE OF THE BROADCAST BAN WE CANNOT SHOW THIS FOOTAGE IN OUR NEWS, SO WE ARE MAKING IT AVAILABLE TO YOU OVER THE INTERNET.

THE FOOTAGE FOR THIS STORY IS ATTACHED.

Thinking that the attached Video.Haberturk.rar (339Kb) might be a virus, I saved the file to my desktop, extracted it from the rar archive and uploaded it to www.virustotal.com.

The report I received is below.

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: video.haberturk.com
Submission date: 2010-11-02 06:10:27 (UTC)
Current status: finished
Result: 2/43 (4.7%)

Antivirus | Version | Last Update | Result (- = not detected)
AhnLab-V3 | 2010.11.02.00 | 2010.11.01 | -
AntiVir | 7.10.13.77 | 2010.11.01 | -
Antiy-AVL | 2.0.3.7 | 2010.11.01 | -
Authentium | 5.2.0.5 | 2010.11.02 | -
Avast | 4.8.1351.0 | 2010.11.01 | -
Avast5 | 5.0.594.0 | 2010.11.01 | -
AVG | 9.0.0.851 | 2010.11.02 | -
BitDefender | 7.2 | 2010.11.02 | -
CAT-QuickHeal | 11.00 | 2010.10.26 | -
ClamAV | 0.96.2.0-git | 2010.11.02 | -
Comodo | 6585 | 2010.11.02 | -
DrWeb | 5.0.2.03300 | 2010.11.02 | -
Emsisoft | 5.0.0.50 | 2010.11.02 | -
eSafe | 7.0.17.0 | 2010.11.01 | -
eTrust-Vet | 36.1.7948 | 2010.11.01 | -
F-Prot | 4.6.2.117 | 2010.11.01 | -
F-Secure | 9.0.16160.0 | 2010.11.02 | -
Fortinet | 4.2.249.0 | 2010.11.01 | -
GData | 21 | 2010.11.02 | -
Ikarus | T3.1.1.90.0 | 2010.11.02 | -
Jiangmin | 13.0.900 | 2010.11.02 | -
K7AntiVirus | 9.67.2882 | 2010.11.01 | -
Kaspersky | 7.0.0.125 | 2010.11.01 | -
McAfee | 5.400.0.1158 | 2010.11.02 | -
McAfee-GW-Edition | 2010.1C | 2010.11.01 | -
Microsoft | 1.6301 | 2010.11.02 | -
NOD32 | 5583 | 2010.11.01 | -
Norman | 6.06.10 | 2010.11.01 | -
nProtect | 2010-11-01.01 | 2010.11.01 | -
Panda | 10.0.2.7 | 2010.11.01 | Suspicious file
PCTools | 7.0.3.5 | 2010.11.02 | -
Prevx | 3.0 | 2010.11.02 | -
Rising | 22.72.00.03 | 2010.11.02 | -
Sophos | 4.59.0 | 2010.11.02 | -
Sunbelt | 7192 | 2010.11.02 | Trojan.Win32.Generic!SB.0
SUPERAntiSpyware | 4.40.0.1006 | 2010.11.02 | -
Symantec | 20101.2.0.161 | 2010.11.02 | -
TheHacker | 6.7.0.1.075 | 2010.11.02 | -
TrendMicro | 9.120.0.1004 | 2010.11.02 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.11.02 | -
VBA32 | 3.12.14.1 | 2010.11.01 | -
ViRobot | 2010.10.4.4074 | 2010.11.02 | -
VirusBuster | 12.70.15.0 | 2010.11.01 | -
MD5   : 6bb09f070ffd041d3cbf51aedd8988a7
SHA1  : d8d2be2eeeed04130e83e5d519a82c1a10263ccd
SHA256: 98dd44e5ed54d0819a180c9401ce44a00f639f23fbea310294e41a69712ef740
ssdeep: 12288:63x4Pq2Xg/AMnjgQKVnb1Bf6CRiET2Wh7YTQSPkUW8stVIFbocXiLhU:ixSqBAMnjmbrhwET2okcMPggk7hU
File size : 587778 bytes
First seen: 2010-11-02 06:10:27
Last seen : 2010-11-02 06:10:27
TrID:
Win32 Executable Borland Delphi 7 (85.3%)
InstallShield setup (5.4%)
UPX compressed Win32 Executable (3.8%)
Win32 EXE Yoda’s Crypter (3.3%)
Win32 Executable Generic (1.0%)
sigcheck:
publisher….: n/a
copyright….: n/a
product……: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments…..: n/a
signers……: –
signing date.: –
verified…..: Unsigned
PEiD: BobSoft Mini Delphi -> BoB / BobSoft
packers (F-Prot): UPX
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x48C70
timedatestamp….: 0x2A425E19 (Fri Jun 19 22:22:17 1992)
machinetype……: 0x14c (I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
CODE, 0x1000, 0x47CA0, 0x47E00, 6.58, a75a54d97d7ad69a4c4a3202560c67b9
DATA, 0x49000, 0x3FF4, 0x4000, 6.93, 4f0ed6dd9df20fe6396173980a775261
BSS, 0x4D000, 0xCB9, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.idata, 0x4E000, 0x1ADE, 0x1C00, 4.81, 87088691dbdf41d67fe844e4d4bc4812
.tls, 0x50000, 0xC, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rdata, 0x51000, 0x18, 0x200, 0.17, 426ce299494a3d863d66285169c20d55
.reloc, 0x52000, 0x39F4, 0x3A00, 6.72, 3193cc585f7e4019748b117b763c7b42
.rsrc, 0x56000, 0x3DD73, 0x3DE00, 7.53, 9f691cdea0fd3afcdb010351b04c6c6b

[[ 19 import(s) ]]
kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, CreateDirectoryA, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCreateKeyA, RegCloseKey
kernel32.dll: lstrlenA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, SizeofResource, SetThreadPriority, SetFileTime, SetFilePointer, SetFileAttributesA, SetEvent, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetVersionExA, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCommandLineA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateProcessA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
gdi32.dll: UnrealizeObject, StretchBlt, SetWinMetaFileBits, SetTextColor, SetStretchBltMode, SetROP2, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, GetWinMetaFileBits, GetTextMetricsA, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetBrushOrgEx, GetBitmapBits, GdiFlush, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll: wvsprintfA, WaitMessage, TranslateMessage, ShowWindow, SetWindowTextA, SetWindowPos, SetWindowLongA, SetTimer, SetParent, SetFocus, SetCursor, SendMessageA, ReleaseDC, RegisterClassA, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, LoadIconA, LoadCursorA, KillTimer, IsWindowEnabled, IsWindow, InvalidateRect, GetWindowThreadProcessId, GetWindowRect, GetWindowLongA, GetSystemMetrics, GetSysColor, GetKeyState, GetIconInfo, GetForegroundWindow, GetFocus, GetDC, GetCursor, GetClipboardData, GetClientRect, GetClassInfoA, GetCapture, FindWindowExA, FindWindowA, FillRect, DrawIconEx, DispatchMessageA, DestroyWindow, DestroyIcon, DestroyAcceleratorTable, DefWindowProcA, CreateIcon, CopyImage, CopyIcon, ClientToScreen, CallWindowProcA, CharNextA, CharLowerBuffA, CharUpperBuffA, CharToOemA
ole32.dll: CoUninitialize, CoInitialize
oleaut32.dll: GetErrorInfo
wininet.dll: InternetGetConnectedState
shell32.dll: SHGetSpecialFolderLocation, SHGetPathFromIDListA
oleaut32.dll: SysFreeString, SysAllocStringLen
user32.dll: CreateWindowExA
kernel32.dll: Sleep
oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
winmm.dll: timeSetEvent, timeKillEvent
user32.dll: DdeCmpStringHandles, DdeFreeStringHandle, DdeQueryStringA, DdeCreateStringHandleA, DdeGetLastError, DdeFreeDataHandle, DdeUnaccessData, DdeAccessData, DdeCreateDataHandle, DdeClientTransaction, DdeNameService, DdePostAdvise, DdeSetUserHandle, DdeQueryConvInfo, DdeDisconnect, DdeConnect, DdeUninitialize, DdeInitializeA

Symantec reputation: Suspicious.Insight
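Three things in the report above deserve a second look before relying on the 2/43 detection count: the extracted file is called video.haberturk.com, so its ".com" ending reads like a hostname but is an executable extension; the PE timestamp 0x2A425E19 (19 June 1992) is the fixed value every Borland Delphi binary carries, so it says nothing about when the sample was built; and the .rsrc section has entropy 7.53 while the import table combines FindResourceA/LoadResource with WriteFile, WinExec/CreateProcessA and RegSetValueExA, the classic shape of a dropper that unpacks a payload from its resources. The script below is an added example, not part of the original post: it parses the DOS/COFF/optional/section headers of a PE the same way the PEInfo block does and applies those checks. Because the real sample is not available here, it builds a small synthetic PE32 in memory (constructed data, not the malware) and takes the import names from the report's list; the 7.0 entropy threshold and the extension list are the author's own assumptions.

```python
"""Static PE triage: header parse, per-section entropy, and the heuristics the report above suggests."""
import hashlib
import math
import struct
from datetime import datetime, timezone

DELPHI_FIXED_TIMESTAMP = 0x2A425E19   # 1992-06-19 22:22:17 UTC, hard-coded by Borland Delphi linkers
EXEC_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}   # assumed list for the name check
HIGH_ENTROPY = 7.0                    # assumed threshold: sections above this are usually packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the same scale as the 'ntropy' column in the report."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """DOS header -> 'PE\\0\\0' -> COFF header -> optional header -> section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", blob, opt)                 # 0x10B = PE32, 0x20B = PE32+
    (entry_point,) = struct.unpack_from("<I", blob, opt + 16)      # AddressOfEntryPoint, same offset in both
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, _chars = struct.unpack_from("<8sIIIIIIHHI", blob, off)
        raw = blob[rawptr:rawptr + rawsize] if rawsize else b""   # BSS-style sections have no raw bytes
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "entropy": round(shannon_entropy(raw), 2),
                         "md5": hashlib.md5(raw).hexdigest()})
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": timestamp,
            "entry_point": entry_point, "sections": sections}


def compile_time(pe: dict) -> str:
    return datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).isoformat()


def triage(filename: str, pe: dict, imports: set) -> list:
    """Turn parsed fields plus the import list into human-readable findings."""
    findings = []
    stem, _, ext = filename.rpartition(".")
    if "." + ext.lower() in EXEC_EXTENSIONS and "." in stem:
        findings.append(f"name looks like a web address but '.{ext}' is an executable extension")
    if pe["timestamp"] == DELPHI_FIXED_TIMESTAMP:
        findings.append("Delphi fixed timestamp (1992-06-19): compile date is meaningless")
    for s in pe["sections"]:
        if s["entropy"] >= HIGH_ENTROPY:
            findings.append(f"section {s['name']} entropy {s['entropy']}: likely packed data or embedded payload")
    if {"FindResourceA", "LoadResource", "WriteFile"} <= imports and imports & {"WinExec", "CreateProcessA"}:
        findings.append("resource-extract + file-write + execute imports: dropper pattern")
    if imports & {"RegSetValueExA", "RegCreateKeyA", "RegCreateKeyExA"}:
        findings.append("registry write imports: possible persistence")
    if "InternetGetConnectedState" in imports:
        findings.append("wininet import: checks for network connectivity")
    return findings


def build_sample_pe(sections, timestamp=DELPHI_FIXED_TIMESTAMP, entry_point=0x48C70) -> bytes:
    """Synthetic, non-runnable PE32 image for offline testing (constructed here, not the real sample)."""
    FILE_ALIGN, OPT_SIZE = 0x200, 224
    hdr_len = 0x40 + 4 + 20 + OPT_SIZE + 40 * len(sections)
    data_start = (hdr_len + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), timestamp, 0, 0, OPT_SIZE, 0x010F)
    opt = struct.pack("<HBBIIII", 0x10B, 15, 0, 0, 0, 0, entry_point).ljust(OPT_SIZE, b"\0")
    table, body, ptr = b"", b"", data_start
    for name, vaddr, raw in sections:
        rawsize = (len(raw) + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), vaddr, rawsize, ptr, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(rawsize, b"\0")
        ptr += rawsize
    return (dos + b"PE\0\0" + coff + opt + table).ljust(data_start, b"\0") + body


SAMPLE_SECTIONS = [  # constructed contents: repetitive code, an empty BSS, and uniform "packed" bytes
    (b"CODE", 0x1000, bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xC3, 0x90]) * 128),
    (b"BSS", 0x4D000, b""),
    (b".rsrc", 0x56000, bytes(range(256)) * 8),
]
REPORTED_IMPORTS = {  # subset of the import names listed in the report above
    "WinExec", "CreateProcessA", "WriteFile", "FindResourceA", "LoadResource",
    "RegSetValueExA", "RegCreateKeyA", "InternetGetConnectedState", "DeleteFileA",
}

if __name__ == "__main__":
    pe = parse_pe(build_sample_pe(SAMPLE_SECTIONS))
    print("compiled:", compile_time(pe), "entry: 0x%X" % pe["entry_point"])
    for s in pe["sections"]:
        print(f"{s['name']:<6} va=0x{s['vaddr']:X} raw={s['rawsize']} ntropy={s['entropy']:.2f} md5={s['md5']}")
    for finding in triage("video.haberturk.com", pe, REPORTED_IMPORTS):
        print("!", finding)
```

Run it against a real file by replacing the synthetic blob with `open(path, "rb").read()`; the empty BSS section yields the same md5 d41d8cd98f00b204e9800998ecf8427e as in the report, because that is simply the MD5 of zero bytes, so a matching section hash there proves nothing about the sample.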
