Malware analysis

twixz.exe

by 글벌레 2009. 2. 13.
Test environment
Windows XP SP2 Professional.

File information

twixz.exe  File size: 66560 bytes
MD5...: 5b012d459d7e129826f82a223991a44e

VirusTotal scan results

File scanned: twixz.exe  Submitted: 2009.02.12 21:29:15 (CET)
Antivirus  Version  Definition date  Result
a-squared 4.0.0.93 2009.02.12 Trojan-Spy.Win32.Zbot!IK
AhnLab-V3 5.0.0.2 2009.02.12 -
AntiVir 7.9.0.76 2009.02.12 TR/Spy.ZBot.mpr
Authentium 5.1.0.4 2009.02.12 -
Avast 4.8.1335.0 2009.02.12 Win32:Zbot-BAI
AVG 8.0.0.229 2009.02.12 Pakes.AZB
BitDefender 7.2 2009.02.12 Trojan.Spy.Zbot.PS
CAT-QuickHeal 10.00 2009.02.11 -
ClamAV 0.94.1 2009.02.12 -
Comodo 975 2009.02.12 -
DrWeb 4.44.0.09170 2009.02.12 -
eSafe 7.0.17.0 2009.02.12 -
eTrust-Vet 31.6.6353 2009.02.12 -
F-Prot 4.4.4.56 2009.02.11 -
F-Secure 8.0.14470.0 2009.02.12 Trojan-Spy.Win32.Zbot.mpr
Fortinet 3.117.0.0 2009.02.12 -
GData 19 2009.02.12 Trojan.Spy.Zbot.PS
Ikarus T3.1.1.45.0 2009.02.12 Trojan-Spy.Win32.Zbot
K7AntiVirus 7.10.628 2009.02.12 -
Kaspersky 7.0.0.125 2009.02.12 Trojan-Spy.Win32.Zbot.mpr
McAfee 5524 2009.02.12 -
McAfee+Artemis 5524 2009.02.12 Generic!Artemis
Microsoft 1.4306 2009.02.12 PWS:Win32/Zbot.G
NOD32 3849 2009.02.12 a variant of Win32/Spy.Zbot.IB
Norman 6.00.02 2009.02.12 -
nProtect 2009.1.8.0 2009.02.12 -
Panda 10.0.0.10 2009.02.12 Suspicious file
PCTools 4.4.2.0 2009.02.12 -
Prevx1 V2 2009.02.12 -
Rising 21.16.32.00 2009.02.12 -
SecureWeb-Gateway 6.7.6 2009.02.12 Trojan.Spy.ZBot.mpr
Sophos 4.38.0 2009.02.12 -
Sunbelt 3.2.1851.2 2009.02.12 RiskTool.Win32.ProcessPatcher.Nor!cobra (v)
Symantec 10 2009.02.12 -
TheHacker 6.3.1.9.254 2009.02.12 -
TrendMicro 8.700.0.1004 2009.02.12 -
VBA32 3.12.8.12 2009.02.11 -
ViRobot 2009.2.12.1603 2009.02.12 -
VirusBuster 4.5.11.0 2009.02.12 -
 
Additional information
File size: 66560 bytes
MD5...: 5b012d459d7e129826f82a223991a44e
SHA1..: bb643fcd59b612c1dbf99c4663d08e73866df31c
SHA256: c4a75a84ee2da84a79a03e6d635a1102f3dedf12eeda8c9d2e575dd937829a29
SHA512: 3f72c020a4d35d6d337997d308eb8e0dd904110dfe43b87d19c0287a73213eedc33d31c409bf7beba67dab9f6a58b32866a38f0024d0ccfcd8bd46f4d0f3a70a
ssdeep: 1536:UKAxFsP/ehMfOkkda6R9Z/To56Xc/vo3x:JAxFE/AOb63s/vUx
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x203e
timedatestamp.....: 0x47c9c662 (Sat Mar 01 21:10:58 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfc78 0xfe00 6.77 058c43c684806a4644dbf5d713961492
.data 0x11000 0x40cb 0x200 1.10 38deaf2e8e855664778106e822ab2eb2

( 4 imports )
> USER32.dll: CloseDesktop, PeekMessageA, DrawIcon, GetKeyState, OpenDesktopA, GetCursorPos, CloseWindowStation, GetIconInfo, CharLowerBuffA, ToUnicode, SendMessageA, GetMessageA, FindWindowExA, ExitWindowsEx, LoadCursorA, GetClipboardData, GetDlgItemTextA
> KERNEL32.dll: VirtualAlloc, GetLastError, GetVersionExW, CreateFileA, GlobalLock, lstrcatW, GetTickCount, GetCommandLineA, GetProcAddress, FindFirstFileW, VirtualProtect, GetFileAttributesA, lstrcpyA, HeapReAlloc, GetSystemTime, MulDiv, OpenMutexW, SetFilePointer, ReleaseMutex, GlobalUnlock
> SHLWAPI.dll: wvnsprintfA, wnsprintfW, PathMatchSpecW, wvnsprintfW, StrCmpNIA, StrStrW, PathRemoveFileSpecW, SHDeleteKeyA, PathCombineW, PathFileExistsW
> ADVAPI32.dll: RegQueryValueExA, CryptGetHashParam, CryptCreateHash, RegSetValueExA, RegDeleteValueA, RegEnumKeyExA, CryptHashData, CryptReleaseContext, CryptAcquireContextW

( 0 exports )

Changes made to the system by running twixz.exe.

File created
C:\WINDOWS\system32\twex.exe  (283136 bytes)
Registry change
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="C:\WINDOWS\system32\userinit.exe,"

The normal value above is changed to the following:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,"

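A defender-side check for this persistence mechanism, added here as an example and not taken from the original post: it parses a regedit-style export of the Winlogon key (the export text is constructed from the two values shown above) and reports every Userinit entry other than the legitimate userinit.exe. The Userinit value normally carries a trailing comma, which the parser tolerates.

```python
import re

# Legitimate Userinit value on Windows XP, as shown on the page. Compared
# case-insensitively because registry data paths are not case-sensitive.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# Constructed export text: the clean value and the value after twixz.exe ran.
CLEAN_EXPORT = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="C:\WINDOWS\system32\userinit.exe,"'''

INFECTED_EXPORT = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,"'''


def parse_userinit(export_text: str) -> list:
    """Return the comma-separated Userinit entries from a Winlogon export block.

    Real regedit exports double the backslashes in string data; the page shows
    single ones, so both forms are normalised. The trailing comma Windows keeps
    on this value yields an empty last element, which is dropped.
    """
    m = re.search(r'^"userinit"="(.*)"\s*$', export_text,
                  re.IGNORECASE | re.MULTILINE)
    if not m:
        raise ValueError("no Userinit value found in export")
    raw = m.group(1).replace("\\\\", "\\")
    return [p.strip() for p in raw.split(",") if p.strip()]


def unexpected_userinit_entries(export_text: str) -> list:
    """Entries other than the legitimate userinit.exe; an empty list means clean.

    Any extra path here is launched by Winlogon at every logon, which is exactly
    how twex.exe persists in the analysis above.
    """
    return [e for e in parse_userinit(export_text)
            if e.lower() != EXPECTED_USERINIT.lower()]


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_EXPORT), ("infected", INFECTED_EXPORT)):
        print(label, "->", unexpected_userinit_entries(text) or "no extra entries")
```
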
Related post that may help with deleting malware files that cannot be deleted:
2009/02/04 - [Useful tips] - Using movefile