Warning: infection by the version-upgraded ‘GandCrab Ransomware’ now being distributed


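1. Overview


‘GandCrab Ransomware’, which until recently was distributed through vulnerabilities and similar means, has been upgraded to a new version and is now being distributed through malicious e-mail, so users should be on guard. This report examines ‘GandCrab Ransomware’, which is being actively distributed through malicious e-mails that lure the recipient into running it.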






2. Analysis


2-1. File information

Item | Details
File name | [random file name].exe
File size | 41,472 bytes
Detection name | Ransom/W32.GandCrab.208904
Malicious behavior | File encryption





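2-2. Distribution route

Like the earlier GandCrab ransomware 2.0, it is distributed through malicious e-mail. The messages carry the subjects ‘=지원서=’ ("=Application=") and ‘입사지원서’ ("Job application") and lure the recipient into running the attachment.


[Figure 1] Malicious e-mail distribution


The compressed attachment contains LNK files disguised as a document file and an image file; when one of these LNK files is run, a malicious file named ‘James.exe’ is executed. That file has the hidden attribute set.


[Figure 2] E-mail attachment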
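The attachment layout described above (shortcuts posing as a document and an image, next to a hidden executable) can be screened for at the mail gateway before delivery. The following is an added example, not code from the original report; the decoy extension set, the verdict names and the sample entry names other than ‘James.exe’ are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

DOS_HIDDEN = 0x02  # FILE_ATTRIBUTE_HIDDEN, kept in the low byte of a ZIP entry's external_attr
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd"}
# Assumed decoy extensions (documents and images); extend for your environment.
DECOY_EXTS = {".doc", ".docx", ".hwp", ".pdf", ".xls", ".xlsx", ".jpg", ".jpeg", ".png", ".gif"}


def screen_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings for one ZIP attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # An archive that cannot be parsed cannot be cleared either.
        return [("<archive>", "unreadable archive")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PureWindowsPath(info.filename).suffixes]
            ext = suffixes[-1] if suffixes else ""
            if ext == ".lnk":
                # Explorer never displays ".lnk", so "cv.doc.lnk" is shown to the user as "cv.doc".
                if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                    findings.append((info.filename, "shortcut disguised as document/image"))
                else:
                    findings.append((info.filename, "shortcut in archive"))
            elif ext in EXECUTABLE_EXTS:
                hidden = bool(info.external_attr & DOS_HIDDEN)
                findings.append((info.filename, "hidden executable" if hidden else "executable in archive"))
    return findings


def verdict(findings) -> str:
    """Block the shortcut + hidden executable combination, quarantine any other finding."""
    reasons = {reason for _, reason in findings}
    has_shortcut = any(r.startswith("shortcut") for r in reasons)
    if has_shortcut and "hidden executable" in reasons:
        return "block"
    return "quarantine" if findings else "pass"


def build_sample() -> bytes:
    """Constructed archive mirroring the layout in the report; contents are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, attr in (("resume.doc.lnk", 0), ("photo.jpg.lnk", 0), ("James.exe", DOS_HIDDEN)):
            entry = zipfile.ZipInfo(name)
            entry.create_system = 0   # MS-DOS/Windows attribute semantics
            entry.external_attr = attr
            zf.writestr(entry, b"dummy")
    return buf.getvalue()


if __name__ == "__main__":
    results = screen_archive(build_sample())
    for name, reason in results:
        print(f"{name}: {reason}")
    print("verdict:", verdict(results))
```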





2-3. Execution process

When the ransomware runs, it encrypts the user's files and appends the extension ‘.CRAB’ to the name of each encrypted file. It also creates a ransom note named ‘CRAB-DECRYPT.txt’ in each encrypted folder. As shown below, ‘CRAB-DECRYPT.txt’ shows that the version has changed to v2.1.


[Figure 3] GandCrab v2.1 ransom note (txt file)


The generated text file instructs the victim to use the Tor web browser to visit a specific URL built from a personal ID. The linked payment page demands payment in the cryptocurrencies DASH and Bitcoin, and demands double the price once the set period has elapsed.


[Figure 4] GandCrab v2.1 ransom note (Tor web browser)


[Figure 5] Double the price demanded once the period has elapsed






3. Malicious behavior


3-1. Termination of specific processes

Like version 2.0, the ransomware compares running processes against the list of target processes in [Table 1] below and terminates any of them that are running on the user's PC.


Item | Details
Processes targeted for termination | ‘msftesql.exe’, ‘sqlagent.exe’, ‘sqlbrowser.exe’, ‘sqlservr.exe’, ‘sqlwriter.exe’, ‘oracle.exe’, ‘ocssd.exe’, ‘dbsnmp.exe’, ‘synctime.exe’, ‘mydesktopqos.exe’, ‘agntsvc.exeisqlplussvc.exe’, ‘xfssvccon.exe’, ‘mydesktopservice.exe’, ‘ocautoupds.exe’, ‘agntsvc.exeagntsvc.exe’, ‘agntsvc.exeencsvc.exe’, ‘firefoxconfig.exe’, ‘tbirdconfig.exe’, ‘ocomm.exe’, ‘mysqld.exe’, ‘dbeng50.exe’, ‘sqbcoreservice.exe’, ‘excel.exe’, ‘infopath.exe’, ‘msaccess.exe’, ‘mspub.exe’, ‘onenote.exe’, ‘outlook.exe’, ‘powerpnt.exe’, ‘steam.exe’, ‘sqlservr.exe’, ‘thebat.exe’, ‘thebat64.exe’, ‘thunderbird.exe’, ‘visio.exe’, ‘winword.exe’, ‘wordpad.exe’, ‘mysqld-nt.exe’, ‘mysqld-opt.exe’

[Table 1] List of processes targeted for termination
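One process terminating several database, mail and office processes from this list within seconds is a useful pre-encryption signal. The following is an added detection sketch, not code from the original report; the event tuple format, the 10-second window, the threshold of 5 and the sample events are assumptions, and the process names are copied from the table as printed.

```python
from collections import defaultdict, deque

# Names from the report's table, verbatim (the three fused "agntsvc.exe..." entries included).
KILL_LIST = frozenset("""
msftesql.exe sqlagent.exe sqlbrowser.exe sqlservr.exe sqlwriter.exe oracle.exe ocssd.exe
dbsnmp.exe synctime.exe mydesktopqos.exe agntsvc.exeisqlplussvc.exe xfssvccon.exe
mydesktopservice.exe ocautoupds.exe agntsvc.exeagntsvc.exe agntsvc.exeencsvc.exe
firefoxconfig.exe tbirdconfig.exe ocomm.exe mysqld.exe dbeng50.exe sqbcoreservice.exe
excel.exe infopath.exe msaccess.exe mspub.exe onenote.exe outlook.exe powerpnt.exe
steam.exe thebat.exe thebat64.exe thunderbird.exe visio.exe winword.exe wordpad.exe
mysqld-nt.exe mysqld-opt.exe
""".split())


def detect_kill_bursts(events, window=10.0, threshold=5):
    """Flag actors that terminate >= threshold distinct listed processes within `window` seconds.

    events: time-ordered iterable of (epoch_seconds, actor_image, terminated_image),
    a normalized form assumed for this example (map your EDR telemetry onto it).
    Returns {actor_image_lowercased: (time_of_alert, sorted_distinct_targets)}.
    """
    recent = defaultdict(deque)   # actor -> (timestamp, target name) inside the window
    alerts = {}
    for ts, actor, target in events:
        name = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in KILL_LIST:
            continue
        key = actor.lower()
        queue = recent[key]
        queue.append((ts, name))
        while queue and ts - queue[0][0] > window:
            queue.popleft()           # drop terminations that fell out of the window
        distinct = {n for _, n in queue}
        if len(distinct) >= threshold and key not in alerts:
            alerts[key] = (ts, sorted(distinct))
    return alerts


# Constructed sample events: one manual kill, one burst, one slow maintenance job.
SUSPECT = r"C:\Users\user\AppData\Roaming\Microsoft\abcdef.exe"
SAMPLE_EVENTS = [
    (100.0, r"C:\Windows\System32\taskmgr.exe", r"C:\Program Files\Office\winword.exe"),
    (200.0, SUSPECT, "sqlservr.exe"),
    (200.2, SUSPECT, "mysqld.exe"),
    (200.4, SUSPECT, "outlook.exe"),
    (200.6, SUSPECT, "excel.exe"),
    (200.8, SUSPECT, "winword.exe"),
    (300.0, r"C:\Tools\maint.exe", "sqlservr.exe"),
    (400.0, r"C:\Tools\maint.exe", "mysqld.exe"),
    (500.0, r"C:\Tools\maint.exe", "oracle.exe"),
    (600.0, r"C:\Tools\maint.exe", "excel.exe"),
    (700.0, r"C:\Tools\maint.exe", "outlook.exe"),
]

if __name__ == "__main__":
    for actor, (when, targets) in detect_kill_bursts(SAMPLE_EVENTS).items():
        print(f"{when}: {actor} terminated {', '.join(targets)}")
```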





3-2. Autorun registry registration

When run, the ransomware copies itself to ‘C:\Users\[user account]\AppData\Roaming\Microsoft’ as ‘[random file name].exe’ and registers itself in the registry so that it runs automatically after a reboot.


[Figure 6] Autorun registry registration






3-3. Whitelist

The ransomware has a whitelist of items that it excludes from encryption. The paths, file names and extensions below are not encrypted. The list is the same as in the previous version.

Item | Details
Whitelist: excluded folders | \ProgramData\, \IETldCache\, \Boot\, \Program Files\, \Tor Browser\, Ransomware, \All Users\, \Local Settings\, \Windows\
Whitelist: excluded files | desktop.ini, ntuser.dat, iconcache.db, bootsect.bak, boot.ini, ntuser.dat.log, thumbs.db, CRAB-DECRYPT.txt
Whitelist: excluded extensions | .ani, .cab, .cpl, .cur, .diagcab, .diagpkg, .dll, .drv, .hlp, .ldf, .icl, .icns, .ico, .ics, .lnk, .key, .idx, .mod, .mpa, .msc, .msp, .msstyles, .msu, .nomedia, .ocx, .prf, .rom, .rtp, .scr, .shs, .spl, .sys, .theme, .themepack, .exe, .bat, .cmd, .CRAB, .crab, .GDCB, .gdcb, .gandcrab, .yassine_lemmou

[Table 2] Whitelist
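During incident response, the ‘.CRAB’ suffix and ‘CRAB-DECRYPT.txt’ note from section 2-3 together with this whitelist let a responder scope the damage per folder: a folder that holds a note or ‘.CRAB’ files but still contains non-whitelisted plain files was only partly encrypted. The following is an added triage example, not code from the original report; the case-insensitive substring matching of folder entries, the status labels and the sample tree are assumptions.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "crab-decrypt.txt"
ENC_EXT = ".crab"
# Whitelist entries from the report's table, lowercased ("ransomware" has no backslashes there).
SKIP_DIRS = ["\\programdata\\", "\\ietldcache\\", "\\boot\\", "\\program files\\", "\\tor browser\\",
             "ransomware", "\\all users\\", "\\local settings\\", "\\windows\\"]
SKIP_FILES = {"desktop.ini", "ntuser.dat", "iconcache.db", "bootsect.bak", "boot.ini",
              "ntuser.dat.log", "thumbs.db", NOTE_NAME}
SKIP_EXTS = set("""
.ani .cab .cpl .cur .diagcab .diagpkg .dll .drv .hlp .ldf .icl .icns .ico .ics .lnk .key
.idx .mod .mpa .msc .msp .msstyles .msu .nomedia .ocx .prf .rom .rtp .scr .shs .spl .sys
.theme .themepack .exe .bat .cmd .crab .gdcb .gandcrab .yassine_lemmou
""".split())


def is_excluded(rel_path: Path) -> bool:
    """True if the whitelist says this file is left unencrypted (assumed matching rules)."""
    folder = "\\" + "\\".join(rel_path.parts[:-1]).lower() + "\\"
    if any(fragment in folder for fragment in SKIP_DIRS):
        return True
    name = rel_path.name.lower()
    return name in SKIP_FILES or rel_path.suffix.lower() in SKIP_EXTS


def original_name(encrypted_name: str) -> str:
    """The report says '.CRAB' is appended, so stripping it yields the original file name."""
    return encrypted_name[: -len(ENC_EXT)]


def triage(root) -> dict:
    """Classify every folder under root as 'encrypted', 'partial' or 'clean'."""
    root = Path(root)
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        encrypted = sorted(f for f in files if f.lower().endswith(ENC_EXT))
        note = any(f.lower() == NOTE_NAME for f in files)
        # Plain files the ransomware would not have skipped: still recoverable as they are.
        untouched = sorted(f for f in files
                           if not f.lower().endswith(ENC_EXT) and not is_excluded(rel_dir / f))
        if encrypted or note:
            status = "partial" if untouched else "encrypted"
        else:
            status = "clean"
        report[rel_dir.as_posix()] = {"status": status, "note": note,
                                      "encrypted": encrypted, "untouched": untouched}
    return report


def build_sample_tree(root) -> None:
    """Constructed directory tree of empty files for demonstration."""
    layout = {
        "docs": ["report.docx.CRAB", "CRAB-DECRYPT.txt", "desktop.ini"],
        "pics": ["a.jpg.CRAB", "b.jpg", "CRAB-DECRYPT.txt"],
        "Windows": ["notepad.exe", "win.ini"],
        "music": ["song.mp3"],
    }
    for folder, names in layout.items():
        directory = Path(root) / folder
        directory.mkdir(parents=True)
        for name in names:
            (directory / name).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(triage(tmp).items()):
            print(folder, info["status"], info["encrypted"], info["untouched"])
```

Paths are evaluated relative to the scan root, so point `triage` at the drive root when the folder whitelist should apply as it would on the affected host.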





3-4. Removable drive infection

The ransomware searches for removable drives and carries out its infection routine on them.


[Figure 7] Removable drive infection






3-5. Reboot after encryption completes

After file encryption is complete, the ransomware forcibly shuts down the system and reboots it.


[Figure 8] Reboot after encryption completes






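4. Conclusion

'GandCrab Ransomware' was upgraded to version 2.1 not long after version 2.0 began circulating, and it is being actively distributed through malicious e-mail. Given how actively it is being distributed, to keep ransomware damage to a minimum, do not carelessly open links or attachments from unknown senders, and check for newly released Windows security updates. Important data should also be backed up and stored separately.

The malware described above can be detected and removed with INCA Internet's antivirus product TACHYON Internet Security 5.0.

[Figure 9] TACHYON Internet Security 5.0 detection and removal screen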







Posted by nProtect & TACHYON

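Hello, this is INCA Internet TACHYON.


This is the first update notice for April 26, 2018.


Today's regular update adds detection and removal for a total of 898 malware items to the antivirus.



1. Antivirus update notice


1-1. Antivirus update version: 2018-04-26.01


1-2. Detection and removal for the following 898 malware items has been added to our engine.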





--------------------------------------------------------------------------------------

       Copyright ⓒ, INCA Internet Co., Ltd., 2000-2018, All rights reserved.

--------------------------------------------------------------------------------------

Posted by Erteam