The DorkBot.Bx virus is spreading widely in this country. These are the signs of a PC infected with it:
1. CPU at 100%
Just like its predecessor (BitCoinMiner), DorkBot.Bx makes the CPU sluggish: CPU usage sits at 100%. This comes from the trojan's activity as it tries to work through BitCoin block cryptography and stays active continuously to send data.
2. Wastes bandwidth
Constantly running cryptographic work on the computer's resources naturally pushes CPU usage to 100%. Beyond that, though, keep an eye on internet bandwidth usage, because the DorkBot.Bx trojan also burns through your bandwidth.
3. Hides folders on a USB or removable disk
Just like the BitCoinMiner trojan, DorkBot.Bx hides the folders on a USB or removable disk and creates fake shortcuts that mimic the folder names. The shortcut trend seems to have inspired DorkBot.Bx too.
4. Connects to BitCoin servers
The DorkBot.Bx trojan tries to connect to BitCoin servers to submit BitCoin block cryptography under the malware author's BitCoin account. This way the author profits, getting BitCoin block cryptography done quickly and easily with the help of infected computers.
5. Connects to an IRC/remote server
The DorkBot.Bx trojan also tries to connect to an IRC/remote server to send the BitCoin information of the computer's user that the malware author needs.
6. Downloads malware files
To ease its work, the DorkBot.Bx trojan also downloads certain malware files from the IRC/remote server so that it stays updated and is not easily recognized by antivirus software. These ever-changing malware files are what sometimes make it hard for antivirus to detect DorkBot.Bx.
7. Downloads Certificate Authority (CA) files
Certificate Authority (CA) certificates are used for online payment transactions such as banks, PayPal and thousands of other sites that use the SSL protocol. By downloading CA files, the malware author wants to make sure the infected victim's computer has up-to-date CA certificates so that it can carry out BitCoin transactions securely.
8. Transfers the data it has obtained
The main goal of the DorkBot.Bx trojan is to obtain information from the user of the infected computer.
9. Opens various ports
The DorkBot.Bx trojan also opens various ports on the victim's computer so that the IRC/remote server can connect to it easily and it can carry out its actions freely.
10. Adopts Facebook Chat
This is probably the method users encounter most often. DorkBot.Bx hands out a shortened URL, so users are easily fooled. If the link is opened, the user downloads a file with a rather 'sexy' file name and icon.
Another sign is that it modifies the registry and creates several files in order to infect the computer. To become active as soon as the user plugs in a USB or removable drive, the DorkBot.Bx trojan exploits a Windows security hole, the Windows icon handler, which makes the trojan's shortcut file run as soon as the drive is accessed.
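Sign 3 and the icon-handler note above describe a pattern a defender can check for directly: a .lnk at the root of a removable drive carrying the same name as a sibling folder, with the folder itself hidden. The Python below is an added example, not part of the article; `find_shortcut_decoys`, `hidden_folders` and the sample drive layout are mine (the layout is constructed, and its .lnk is a placeholder file, not a real shortcut). The hidden-attribute check reads `st_file_attributes`, which only exists on Windows, so on other systems it reports folders as visible and the name match alone is what flags a decoy.

```python
"""Check a removable drive for the DorkBot.Bx decoy pattern: folders hidden
and a same-named .lnk left beside them.

Added example, not from the article; the sample drive layout is constructed.
"""
import stat
import sys
import tempfile
from pathlib import Path


def is_hidden(path: Path) -> bool:
    """True when the Windows HIDDEN attribute is set. On non-Windows systems
    st_file_attributes does not exist, so this reports False there."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_shortcut_decoys(root):
    """One finding per .lnk whose stem matches a sibling folder name
    (case-insensitive, as Windows names are), noting whether that folder is hidden."""
    root = Path(root)
    folders = {p.name.lower(): p for p in root.iterdir() if p.is_dir()}
    findings = []
    for entry in sorted(root.iterdir()):
        if entry.is_file() and entry.suffix.lower() == ".lnk":
            folder = folders.get(entry.stem.lower())
            if folder is not None:
                findings.append({"shortcut": entry.name, "folder": folder.name,
                                 "folder_hidden": is_hidden(folder)})
    return findings


def hidden_folders(root):
    """Names of hidden top-level folders, whether or not a decoy shortcut sits beside them."""
    return sorted(p.name for p in Path(root).iterdir() if p.is_dir() and is_hidden(p))


def build_sample_drive():
    """Constructed layout standing in for an infected USB stick: two real folders,
    a decoy shortcut for one of them, and an ordinary file."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    (root / "Photos").mkdir()
    (root / "Documents").mkdir()
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00")  # placeholder bytes, not a real .lnk
    (root / "readme.txt").write_text("ordinary file\n")
    return root


def report(root):
    """Print the findings for a drive root and return the decoy list."""
    findings = find_shortcut_decoys(root)
    for f in findings:
        state = "hidden" if f["folder_hidden"] else "visible"
        print(f"decoy: {f['shortcut']} -> folder {f['folder']} ({state})")
    for name in hidden_folders(root):
        print(f"hidden folder: {name}")
    if not findings:
        print("no shortcut decoys found")
    return findings


if __name__ == "__main__":
    # Pass a drive root (e.g. E:\) to scan it; with no argument the constructed sample is used.
    report(sys.argv[1] if len(sys.argv) > 1 else build_sample_drive())
```

On a real stick the returned list is the cleanup list: the folder gets un-hidden (on Windows, `attrib -h -s` on the folder) and the .lnk is deleted, without opening the shortcut to "check" it, since its target is what the article describes as the trojan. The check keys on names only and never parses the .lnk, so a planted shortcut cannot influence the scan.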
Virus Analysis
Samples sent to 2 malware-analysis vendors produced the following test results:
1. According to McAfee Threat Intelligence
File Properties | Property Values |
---|---|
McAfee Detection | Downloader-CMU.d |
Length | 135681 bytes |
MD5 | 62466ae813448aec7621b25e3102e2c2 |
SHA1 | 02127b7c97893f9fc76c72a46e5690b259bff7d8 |
Other Common Detection Aliases
Company Names | Detection Names |
---|---|
avast | Win32:Malware-gen |
avira | TR/Dropper.Gen |
Kaspersky | Backdoor.Win32.Ruskill.p |
BitDefender | Gen:Heur.IPZ.3 |
Dr.Web | BackDoor.IRC.Bot.835 |
FortiNet | W32/Ruskill.P!tr.bdr |
Microsoft | Worm:Win32/Dorkbot |
Eset | Win32/Injector.FTN trojan (probably variant) |
norman | W32/Suspicious_Gen2.KZIYM |
rising | Trojan.Win32.Generic.128630D2 |
Trend Micro | BKDR_RUSKILL.AA |
vba32 | BScope.FakeAV.xd |
V-Buster | Backdoor.Ruskill!rVOox3DhmwU (trojan) |
Activities (the risk-level icons were not captured):
- Attempts to load and execute remote code in explorer process
- Attempts to load and execute remote code in a system process.
- Attempts to write to a memory location of a protected process.
- Attempts to write to a memory location of a Windows system process
- Attempts to write to a memory location where winlogon resides
- Attempts to load and execute remote code in a previously loaded process
- Attempts to write to a memory location of a previously loaded process.
- Enumerates many system files and directories.
- Enumerates process list
- Process attempts to call itself recursively
- Attempts to write to a memory location of an unknown process
- No digital signature is present
McAfee Scans | Scan Detections |
---|---|
McAfee Beta | Downloader-CMU.d |
McAfee Supported | Downloader-CMU.d |
System Changes
Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files
The following files were analyzed:
1dd.tmp
The following files have been added to the system: (captured only as an image; not available)
The following files have been changed: (captured only as an image; not available)
The following files were temporarily written to disk then later removed: (captured only as an image; not available)
The following registry elements have been changed: (captured only as an image; not available)
The applications attempted the following network connection(s): (captured only as an image; not available)
2. According to ThreatExpert
- Submission details:
- Submission received: 30 November 2011, 18:07:02
- Processing time: 14 min 26 sec
- Submitted sample:
- File MD5: 0xE87E6EE3BCB95A9851AE53D46DE583D6
- File SHA-1: 0x8A2239F360D0F3A206D9ABE4550AD44A5343EA1D
- Filesize: 1,903,189 bytes
- Alias:
- Trojan.Gen.2 [Symantec]
- Worm.Win32.Ngrbot.hel [Kaspersky Lab]
- Worm.Win32.Dorkbot [Ikarus]
- Summary of the findings (the severity-level icons were not captured):
- Produces outbound traffic.
- Downloads/requests other files from Internet.
- Creates a startup registry entry.
- Contains characteristics of an identified security risk.
Technical Details:
- The new window was created, as shown below (screenshot not captured).
Possible Security Risk
- Attention! The following threat categories were identified (the category icons were not captured):
- A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
- A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
- A network-aware worm that attempts to replicate across the existing network(s)
File System Modifications
- The following files were created in the system (aliases that the report showed only with a vendor icon have lost their vendor name):
# | Filename(s) | File Size | File Hash | Alias
---|---|---|---|---
1 | %AppData%\1.tmp; %AppData%\2.tmp; %AppData%\Fbxaxf.exe | 282,624 bytes | MD5: 0x4419BA71E46C2B6180D8C5FB5F14EFB0; SHA-1: 0x6187916D3C3511B9AE9874A3868B175659D46EC4 | (not available)
2 | %AppData%\3.exe | 327,680 bytes | MD5: 0xACB887FE28C2D1206B8835935506E6B8; SHA-1: 0x9E0E8218B3BCAC5931CE448EE8FEFF1333813F2E | (not available)
3 | %AppData%\5.exe | 474,829 bytes | MD5: 0x2D04724F3EACF65CB140B8B3F36C5C97; SHA-1: 0xE195798A6F76010673B457B2D8CEADC29E3E22A5 | (not available)
4 | %AppData%\6.exe | 388,535 bytes | MD5: 0x7781C1145869CDF87CF61D671247E80E; SHA-1: 0xE2F76F546D3E4FF3E748FB6D4B1B3D2890C3B1DA | (not available)
5 | %AppData%\7.exe | 398,081 bytes | MD5: 0x37FBCA12ADFF251A3B0BC75EF81CE752; SHA-1: 0x951C62AB205B7CD0C783273170D1DEF56EA25AFE | Trojan.ADH [PCTools]; Trojan.Gen.2 [Symantec]; not-a-virus:RiskTool.Win32.HideExec.r [Kaspersky Lab]; W32/IRCbot.gen.bc [McAfee]; Trojan:Win32/Sisproc; Trojan.BAT.Miner [Ikarus]
6 | %AppData%\9.tmp; %AppData%\Wcxaxw.exe | 294,912 bytes | MD5: 0xDAFF13B10AD87D9F578555B641758FA1; SHA-1: 0x377E0C14DCF65A9B027748775BC7ACD3E06BAB67 | (not available)
7 | %AppData%\A.exe | 137,024 bytes | MD5: 0x7DBB979C1CBCFAEBC9792D47E05A841C; SHA-1: 0xC73BB9319146F6AD76FFE143685578E51B097587 | (not available)
8 | %AppData%\kakao3\fuckHDZSDP.exe; %Temp%\fuckHDZSDP.exe | 278,528 bytes | MD5: 0xAE9C07D9B2EA9C1F58E32D3C44B0F33E; SHA-1: 0xE1E72AE01919BC8F0BD236AA00EED4D029C7CCE7 | Trojan.Gen; Trojan.Gen; Trojan.Win32.FakeAv.irgx [Kaspersky Lab]; BackDoor-DOQ.gen.as [McAfee]; Mal/Generic-L; Trojan:Win32/Malagent; Trojan.Win32.Buzus
9 | %AppData%\kakao3\new.exe; %Temp%\new.exe | 57,344 bytes | MD5: 0xC31027010355FD8F52FE3640048ACD37; SHA-1: 0x5DD50D63D76B8E1CEFBC019CFD414C57FFFEAA72 | (not available)
10 | %AppData%\PickaVamMaterina2\HDZ.exe | 57,344 bytes | MD5: 0x7A8DF56F23106AD0D9D786BAE4ED75BC; SHA-1: 0xBD78A2F8FEAA92C5B18BBFFD0EB1399A0644F5BC | (not available)
11 | %AppData%\PickaVamMaterina2\Ivo_Sanader.exe | 389,120 bytes | MD5: 0x0A4EB0CB242A27AEC20A281F4293FC5E; SHA-1: 0x4BA9C00EAC0317346A0AAC3AE8AFB7D4057863EA | (not available)
12 | %AppData%\jqycpqe.exe; %Temp%\zxjidmw.exe | 344,576 bytes | MD5: 0x6D6BD4C8256D75B314BDD644C1240917; SHA-1: 0x1ACCD82D27F6511375F5635BDAAC8B3BAFF0E624 | Trojan.FakeAV; Trojan.FakeAV!gen64 [Symantec]; Trojan.Win32.FakeAV.dvjc [Kaspersky Lab]; FakeAlert-SecurityTool.bt [McAfee]; Mal/FakeAV-KL [Sophos]; Trojan.Win32.FakeAV
13 | %Temp%\about.exe | 57,344 bytes | MD5: 0xC52F6C51034FD72CB65483DAB4E51438; SHA-1: 0xB0039E980891438B76419E0CEF9040FA1C413E93 | (not available)
14 | %Temp%\del.exe | 159,232 bytes | MD5: 0x99D3FD2985012D43C3D532CF1F70B342; SHA-1: 0xD0018933F627CD668DFEBC1B3AAD8D4C25D2D82B | Malware.W95-CIH [PCTools]; W95.CIH.damaged; Generic.dx!xon [McAfee]; Mal/Generic-L; Trojan:Win32/Dynamer!dtc [Microsoft]; Virus.Win9x.CIH
15 | %Temp%\hid.exe | 44,040 bytes | MD5: 0xC1C769D742F88E441DED76BF57A5A45C; SHA-1: 0x06872DABD41E70DC4EF8FD5131B334BE8A17DB3C | Net-Worm.SillyFDC; not-a-virus:RiskTool.Win32.HideExec.r [Kaspersky Lab]
16 | %Temp%\HRSearchC.exe | 287,744 bytes | MD5: 0x5E03A535C8BEF1AB056074D68CE7A5E0; SHA-1: 0x689974AE94DF135E21F5711C06B5DC72DA3F9128 | Trojan.Gen; Trojan.Gen.2 [Symantec]; Generic.dx!banc [McAfee]; Trojan.ATRAPS; packed with PE_Patch.PECompact [Kaspersky Lab]
17 | %Temp%\Jttetn.exe | 139,264 bytes | MD5: 0x585F2F27EF6D87CD4CC9A8501EAAA6FE; SHA-1: 0x0AB77FD8C68025F4E579C4C58C05874108F20F5A | Trojan.Gen; Trojan.Gen; Backdoor.Win32.Ruskill.g [Kaspersky Lab]; Downloader-CMU.d [McAfee]; Mal/Generic-L; Worm:Win32/Dorkbot.A [Microsoft]; Worm.Win32.Dorkbot [Ikarus]
18 | %Temp%\Mstetq.exe | 143,360 bytes | MD5: 0x167F4EF7C1225451EF69DB10D3B16611; SHA-1: 0xE5D356E142ED28AB5A0748CD04BB792C9514192A | Worm.Win32.Ngrbot.hdy [Kaspersky Lab]; BackDoor-DOQ.gen.as [McAfee]; Mal/EncPk-AAQ [Sophos]; Worm:Win32/Dorkbot.A [Microsoft]; Worm.Win32.Dorkbot [Ikarus]
19 | %Temp%\newmoon17.exe | 367,889 bytes | MD5: 0x1CE65C3C14F7F09C08C50FBB6A8C1CC4; SHA-1: 0x46E4FD565736FF96A94F5B762C1F875C32585A1B | Trojan.Win32.FakeAv.irgx [Kaspersky Lab]; Generic FakeAlert!tz [McAfee]; Mal/Generic-L; Trojan.Win32.Buzus
20 | %Temp%\x30811.exe | 1,012,224 bytes | MD5: 0x4BC19BC59EC9C4A987079A618CF18C68; SHA-1: 0xC4EC15672E96CEC3411CCE377BFFEAB55BA8C88D | Trojan.Gen; Trojan.Gen.2 [Symantec]; Generic.tfr!r [McAfee]; Trojan:Win32/Orsam!rts; Win32.SuspectCrc
21 | %Temp%\yz.bat | 180 bytes | MD5: 0xD6C231471750C153641E292D746814B5; SHA-1: 0x16EC0A913564D18A6D03711415B272FDECC3E867 | Trojan.BAT.Miner.i [Kaspersky Lab]; Trojan.BAT.Miner [Ikarus]
22 | %Programs%\Startup\Demokratska2.exe | 418,008 bytes | MD5: 0xCF4C9FA0F9B2AB5CA96C7C2AF8B26C75; SHA-1: 0x6B9F44527B91AD9DAC7AD1D396787496DBE37BEE | (not available)
23 | %Programs%\Startup\dxdiag.exe | 23,552 bytes | MD5: 0x9EA5BEFAB3FAB1D19D70F8D917463D13; SHA-1: 0xBCABE617AF58EFB8B0E759111044BDBB8F3F6152 | Trojan.Gen; Trojan.Gen; Trojan.Win32.Jorik.Aspxor.y [Kaspersky Lab]; Generic Downloader.z; Troj/Bredo-IK [Sophos]; Trojan.Agent_r
24 | %Programs%\Startup\stepx2.exe | 348,530 bytes | MD5: 0x0764BEF5D967DCE3784E18D204BB90E6; SHA-1: 0x896A45B21C554B723503BC5865677733C025FC23 | Trojan.ADH [PCTools]; Trojan.Gen.2 [Symantec]; Trojan.BAT.Miner.i, not-a-virus:RiskTool.Win32.HideExec.r [Kaspersky Lab]; Generic.tfr!r [McAfee]; Trojan.BAT.Miner [Ikarus]
25 | %Programs%\Startup\taskmgr.exe | 826,184 bytes | MD5: 0x47CFDF331A80B2028A1B8ACA61BD191B; SHA-1: 0xD10BD40A735C6EFBFA4FBFA6C842B4DB5DBA9445 | (not available)
26 | [file and pathname of the sample #1] | 1,903,189 bytes | MD5: 0xE87E6EE3BCB95A9851AE53D46DE583D6; SHA-1: 0x8A2239F360D0F3A206D9ABE4550AD44A5343EA1D | Trojan.Gen.2 [Symantec]; Backdoor.Win32.Ruskill.g, Worm.Win32.Ngrbot.hdy, Trojan.Win32.Jorik.Aspxor.y, Trojan.Win32.FakeAv.irgx, Trojan.Win32.FakeAV.dvjc, Worm.Win32.Ngrbot.hel [Kaspersky Lab]; Worm.Win32.Dorkbot [Ikarus]
- Notes:
- %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
- %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
- %Programs% is a variable that refers to the file system directory that contains the user’s program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
- The following directories were created:
- %AppData%\kakao3
- %AppData%\PickaVamMaterina2
Memory Modifications
- There was a new process created in the system:
Process Name | Process Filename | Main Module Size
---|---|---
del.exe | %Temp%\del.exe | 184,320 bytes
Registry Modifications
- The following Registry Keys were created:
- HKEY_LOCAL_MACHINE\SOFTWARE\HRSearch
- HKEY_LOCAL_MACHINE\SOFTWARE\HRSearch\Data
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\gnzyyfavskozwffiqimedkeykicvah
- HKEY_CURRENT_USER\Software\jnbsjxsrphezdokcyofecvybrkjlrh
- HKEY_CURRENT_USER\Software\WinRAR SFX
- The newly created Registry Values are:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Scxaxs = "%AppData%\Scxaxs.exe"
- Lcxaxl = "%AppData%\Lcxaxl.exe"
- Wcxaxw = "%AppData%\Wcxaxw.exe" (so that Wcxaxw.exe runs every time Windows starts)
- Fbxaxf = "%AppData%\Fbxaxf.exe" (so that Fbxaxf.exe runs every time Windows starts)
- [HKEY_CURRENT_USER\Software\gnzyyfavskozwffiqimedkeykicvah]
- wfdijwaopfddvmieihccsyrbpsbqhy = ""
- [HKEY_CURRENT_USER\Software\jnbsjxsrphezdokcyofecvybrkjlrh]
- dncirhudbpmysvlqkzovzmfcsemsko = ""
- [HKEY_CURRENT_USER\Software\WinRAR SFX]
- C%%Documents and Settings%%UserName%%Application Data%kakao3 = "%AppData%\kakao3"
- C%%Documents and Settings%%UserName%%Start Menu%Programs%Startup = "%Programs%\Startup"
- C%%Documents and Settings%%UserName%%Application Data%PickaVamMaterina2 = "%AppData%\PickaVamMaterina2"
- C%%DOCUME~1%%UserName%%LOCALS~1%Temp = "%UserProfile%\LOCALS~1\Temp"
Other details
- There were registered attempts to establish connection with the remote hosts. The connection details are:
Remote Host | Port Number
---|---
199.15.234.7 | 80
70.38.98.239 | 80
92.243.20.57 | 3212
- The data identified by the following URLs was then requested from the remote web server:
- http://api.wipmania.com/
- http://img105.herosh.com/2011/11/30/745759013.gif
Outbound traffic (potentially malicious)
- There was outbound traffic produced on port 3212:
00000000 | 1703 0000 1DAB E65A 5272 636E 2145 D536 | .......ZRrcn!E.6
00000010 | DE93 29D5 30B1 C61D 332C 9A67 949A BC7A | ..).0...3,.g...z
00000020 | 9E5B 1703 0000 274F ADFB BF5C 4E3A FB4E | .[....'O...\N:.N
00000030 | D8CC C0CA 0050 D50D 9575 5A23 C707 EC0B | .....P...uZ#....
00000040 | 7581 0719 F6AE 5AD5 F944 AE93 A1AA 1703 | u.....Z..D......
00000050 | 0000 2BD7 208A C1F7 256B F9F6 9CDE A553 | ..+. ...%k.....S
00000060 | 9E96 B39D A07E 1DAD B1C6 97A4 3724 EC7E | .....~......7$.~
00000070 | 3C85 F623 B80B 6153 9522 16E0 3A10 1703 | <..#..aS."..:...
00000080 | 0000 2B17 0300 0021 DA71 8326 C5E8 AA2A | ..+....!.q.&...*
00000090 | 9569 1FB6 841A 28FF 3CFD E0B3 CAED 2701 | .i....(.<.....'.
000000A0 | 1E3B 92FF EAA9 C7EA F58C F1E4 D1DA 5265 | .;............Re
000000B0 | 3174 9F17 0300 002B B706 D784 55DF CA99 | 1t.....+....U...
000000C0 | F14D 26E9 7B04 A824 A720 6035 1958 3851 | .M&.{..$. `5.X8Q
000000D0 | 62B7 EF3D D371 4100 05A9 261E 9405 6B9A | b..=.qA...&...k.
000000E0 | 391E C3A9 1497 5C92 EE8B FF97 4DC9 F64B | 9.....\.....M..K
000000F0 | 0686 843D 1503 0000 12C0 9AF5 9FE9 9F49 | ...=...........I
00000100 | D9E3 B6AD 3696 8DE8 80F7 AA16 0300 0041 | ....6..........A
00000110 | 0100 003D 0300 4ED6 E189 B267 390E FDB0 | ...=..N....g9...
00000120 | F1DE 8842 4A95 84E3 FB81 300E 64F0 39B7 | ...BJ.....0.d.9.
00000130 | A36E 5D63 987C 0000 1600 0400 0500 0A00 | .n]c.|..........
00000140 | 0900 6400 6200 0300 0600 1300 1200 6301 | ..d.b.........c.
00000150 | 0015 0300 0002 0129 1603 0000 8410 0000 | .......)........
00000160 | 807F CF33 A19D 39EE 435D ED5D 92EF 7B8E | ...3..9.C].]..{.
00000170 | 5BCF AB87 2357 E0F2 1505 1282 6EE9 A547 | [...#W......n..G
00000180 | 4E1F 9858 939A 5769 3956 3625 8F42 893B | N..X..Wi9V6%.B.;
00000190 | 1E8B 4CF4 FD81 33EA B29E F34C 60CE 341B | ..L...3....L`.4.
000001A0 | 1C77 896E 6C8B E959 F873 F09A 1E96 DB05 | .w.nl..Y.s......
000001B0 | 9A35 3ABB 0986 976E 5283 1942 1B35 58DC | .5:....nR..B.5X.
000001C0 | 1452 FBA5 76CA FEED 54E9 CD6D 3C4D FA84 | .R..v...T..m
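The port-3212 bytes above become readable once the framing is noticed: every `17 03 00 xx xx`, `15 03 00 xx xx` and `16 03 00 xx xx` prefix is an SSL 3.0 record header (content type, protocol version 0x0300, length), so the connection to 92.243.20.57:3212 listed under "Other details" is SSL-wrapped. The Python below is an added example, not part of the article or the ThreatExpert report: `DUMP_HEX` is the hex column of the dump above copied from the report, while the record walker, the handshake and alert decoders and the cipher-suite names (taken from the IANA TLS Cipher Suite registry) are mine. The report concatenates what looks like more than one connection's sends, so the declared record lengths do not chain cleanly all the way through; the walker therefore resynchronises byte by byte wherever the next bytes are not a plausible header.

```python
"""Decode the SSL/TLS record framing of the port-3212 dump.

Added example. DUMP_HEX is the hex column of the ThreatExpert dump on the page;
the name tables and the parsing logic are not from the report. Standard library only.
"""
import struct

DUMP_HEX = """
1703 0000 1DAB E65A 5272 636E 2145 D536 DE93 29D5 30B1 C61D 332C 9A67 949A BC7A
9E5B 1703 0000 274F ADFB BF5C 4E3A FB4E D8CC C0CA 0050 D50D 9575 5A23 C707 EC0B
7581 0719 F6AE 5AD5 F944 AE93 A1AA 1703 0000 2BD7 208A C1F7 256B F9F6 9CDE A553
9E96 B39D A07E 1DAD B1C6 97A4 3724 EC7E 3C85 F623 B80B 6153 9522 16E0 3A10 1703
0000 2B17 0300 0021 DA71 8326 C5E8 AA2A 9569 1FB6 841A 28FF 3CFD E0B3 CAED 2701
1E3B 92FF EAA9 C7EA F58C F1E4 D1DA 5265 3174 9F17 0300 002B B706 D784 55DF CA99
F14D 26E9 7B04 A824 A720 6035 1958 3851 62B7 EF3D D371 4100 05A9 261E 9405 6B9A
391E C3A9 1497 5C92 EE8B FF97 4DC9 F64B 0686 843D 1503 0000 12C0 9AF5 9FE9 9F49
D9E3 B6AD 3696 8DE8 80F7 AA16 0300 0041 0100 003D 0300 4ED6 E189 B267 390E FDB0
F1DE 8842 4A95 84E3 FB81 300E 64F0 39B7 A36E 5D63 987C 0000 1600 0400 0500 0A00
0900 6400 6200 0300 0600 1300 1200 6301 0015 0300 0002 0129 1603 0000 8410 0000
807F CF33 A19D 39EE 435D ED5D 92EF 7B8E 5BCF AB87 2357 E0F2 1505 1282 6EE9 A547
4E1F 9858 939A 5769 3956 3625 8F42 893B 1E8B 4CF4 FD81 33EA B29E F34C 60CE 341B
1C77 896E 6C8B E959 F873 F09A 1E96 DB05 9A35 3ABB 0986 976E 5283 1942 1B35 58DC
1452 FBA5 76CA FEED 54E9 CD6D 3C4D FA84
"""
DUMP = bytes.fromhex(DUMP_HEX)  # whitespace between byte pairs is ignored

RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert", 0x16: "handshake", 0x17: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   13: "certificate_request", 16: "client_key_exchange"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 41: "no_certificate (SSL 3.0 only)"}
CIPHER_SUITES = {  # IANA TLS Cipher Suite registry names for the values seen in this dump
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5", 0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA", 0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA", 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA", 0x0013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", 0x0063: "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}
MAX_RECORD = 16384 + 2048  # largest ciphertext fragment the record layer allows


def ssl_records(data):
    """Walk record headers honouring their declared lengths; where the next bytes are
    not a plausible header (the capture is several sends concatenated), step one byte."""
    records, pos = [], 0
    while pos + 5 <= len(data):
        ctype, version, length = struct.unpack_from(">BHH", data, pos)
        if ctype in RECORD_TYPES and version in VERSIONS and length <= MAX_RECORD:
            end = pos + 5 + length
            records.append({"offset": pos, "type": RECORD_TYPES[ctype], "version": VERSIONS[version],
                            "length": length, "truncated": end > len(data), "body": data[pos + 5:end]})
            pos = end
        else:
            pos += 1
    return records


def decode_handshake(body):
    """Name the handshake message; for a complete ClientHello also read version and suites."""
    info = {"handshake_type": HANDSHAKE_TYPES.get(body[0], body[0]),
            "declared_length": int.from_bytes(body[1:4], "big")}
    if body[0] == 1 and len(body) >= info["declared_length"] + 4:
        p = 4
        info["client_version"] = VERSIONS.get(int.from_bytes(body[p:p + 2], "big"))
        p += 2 + 32            # skip the 32-byte client random
        p += 1 + body[p]       # skip the length-prefixed session id
        n = int.from_bytes(body[p:p + 2], "big")
        p += 2
        suites = [int.from_bytes(body[i:i + 2], "big") for i in range(p, p + n, 2)]
        info["cipher_suites"] = [CIPHER_SUITES.get(s, f"0x{s:04x}") for s in suites]
    return info


def decode_alert(body):
    """A 2-byte alert is plaintext; anything longer was sent under the session keys."""
    if len(body) != 2:
        return {"encrypted": True, "length": len(body)}
    return {"level": ALERT_LEVELS.get(body[0], body[0]),
            "description": ALERT_DESCRIPTIONS.get(body[1], body[1])}


def summarize(data=DUMP):
    """One dict per record with whatever is readable in the clear merged in."""
    out = []
    for r in ssl_records(data):
        detail = {}
        if r["type"] == "handshake" and r["body"]:
            detail = decode_handshake(r["body"])
        elif r["type"] == "alert":
            detail = decode_alert(r["body"])
        out.append({**{k: r[k] for k in ("offset", "type", "version", "length", "truncated")}, **detail})
    return out


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

Run stand-alone, the walker finds nine records: five application-data records and an encrypted alert (the tail of one session), then a plaintext ClientHello advertising SSL 3.0 with eleven RC4, DES, 3DES and export-grade suites, a warning alert, and a ClientKeyExchange that the dump cuts off. For detection this is the useful part: an SSL 3.0 ClientHello with that suite list going to a non-standard port such as 3212 is a far more specific thing to alert on than "traffic to port 3212", and the same walker can be pointed at any other hex column copied from a sandbox report.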
3. VirusTotal
Here are the results for the sample checked with VirusTotal against its 43 antivirus engines.
Antivirus | Version | Last Update | Result |
---|---|---|---|
AhnLab-V3 | 2011.05.11.01 | 2011.05.11 | Win-Trojan/Injector.135681.C |
AntiVir | 7.11.7.216 | 2011.05.11 | TR/Dropper.Gen |
Antiy-AVL | 2.0.3.7 | 2011.05.11 | Backdoor/Win32.Ruskill.gen |
Avast | 4.8.1351.0 | 2011.05.11 | Win32:Malware-gen |
Avast5 | 5.0.677.0 | 2011.05.11 | Win32:Malware-gen |
AVG | 10.0.0.1190 | 2011.05.10 | Dropper.Generic3.BCMM |
BitDefender | 7.2 | 2011.05.11 | Gen:Trojan.Heur.JP.iu1@aOHdEdmi |
CAT-QuickHeal | 11.00 | 2011.05.11 | Backdoor.Ruskill.p |
ClamAV | 0.97.0.0 | 2011.05.11 | – |
Commtouch | 5.3.2.6 | 2011.05.11 | – |
Comodo | 8659 | 2011.05.11 | UnclassifiedMalware |
DrWeb | 5.0.2.03300 | 2011.05.11 | BackDoor.IRC.Bot.835 |
Emsisoft | 5.1.0.5 | 2011.05.11 | Gen.Trojan.Heur!IK |
eSafe | 7.0.17.0 | 2011.05.09 | – |
eTrust-Vet | 36.1.8320 | 2011.05.11 | – |
F-Prot | 4.6.2.117 | 2011.05.11 | – |
F-Secure | 9.0.16440.0 | 2011.05.11 | Gen:Trojan.Heur.JP.iu1@aOHdEdmi |
Fortinet | 4.2.257.0 | 2011.05.11 | W32/Ruskill.P!tr.bdr |
GData | 22 | 2011.05.11 | Gen:Trojan.Heur.JP.iu1@aOHdEdmi |
Ikarus | T3.1.1.103.0 | 2011.05.11 | Gen.Trojan.Heur |
Jiangmin | 13.0.900 | 2011.05.11 | – |
K7AntiVirus | 9.103.4614 | 2011.05.10 | Backdoor |
Kaspersky | 9.0.0.837 | 2011.05.11 | Backdoor.Win32.Ruskill.p |
McAfee | 5.400.0.1158 | 2011.05.11 | Generic PWS.bfr!c |
McAfee-GW-Edition | 2010.1D | 2011.05.10 | Heuristic.BehavesLike.Win32.Suspicious.D |
Microsoft | 1.6802 | 2011.05.11 | Worm:Win32/Dorkbot |
NOD32 | 6111 | 2011.05.11 | probably a variant of Win32/Injector.FTN |
Norman | 6.07.07 | 2011.05.10 | W32/Suspicious_Gen2.KZIYM |
nProtect | 2011-05-10.01 | 2011.05.10 | – |
Panda | 10.0.3.5 | 2011.05.10 | Generic Malware |
PCTools | 7.0.3.5 | 2011.05.11 | – |
Prevx | 3.0 | 2011.05.11 | – |
Rising | 23.57.01.05 | 2011.05.10 | Trojan.Win32.Generic.128630D2 |
Sophos | 4.65.0 | 2011.05.11 | Mal/Behav-103 |
SUPERAntiSpyware | 4.40.0.1006 | 2011.05.11 | – |
Symantec | 20101.3.2.89 | 2011.05.11 | – |
TheHacker | 6.7.0.1.195 | 2011.05.11 | – |
TrendMicro | 9.200.0.1012 | 2011.05.11 | BKDR_RUSKILL.AA |
TrendMicro-HouseCall | 9.200.0.1012 | 2011.05.11 | BKDR_RUSKILL.AA |
VBA32 | 3.12.16.0 | 2011.05.11 | BScope.FakeAV.xd |
VIPRE | 9250 | 2011.05.11 | Trojan.Win32.Generic!BT |
ViRobot | 2011.5.11.4452 | 2011.05.11 | – |
VirusBuster | 13.6.347.2 | 2011.05.10 | Backdoor.Ruskill!rVOox3DhmwU |
Additional information
MD5: 62466ae813448aec7621b25e3102e2c2
SHA1: 02127b7c97893f9fc76c72a46e5690b259bff7d8
SHA256: 0e3c6dc183696540c724a848b3f142338d046099c9efc460e9ab4ad67df51299
Sources: detikINET, ThreatExpert, McAfee Threat Intelligence and VirusTotal