Sorry for turning about 80% of that into "lol"....
By the way, Ikarus triggers extremely often, so how reliable is it as a criterion?
rain and 808 got flagged the same way too.
Trojan/Win32.IRCBot.R23264
Type: Remote Control, Information Leakage, Trojan
Update Date: 2017-03-02 14:05
Risk: High
Detailed Information
* Method of Infection
This malware does not self-propagate. The system is most likely infected when a user downloads an executable file attached to a spam e-mail. Another common vector of infection is drive-by download, which is triggered by visiting web pages that exploit browser vulnerabilities.
* Symptoms
[Malicious Activity]
1. Code Injection
- It creates a child process of itself and injects a PE into it
- It injects code into "Explorer.exe"
2. It remotely controls the infected PC using the IRC protocol
3. Stealing login accounts (paypal.com)
4. Automatic writing & posting (LinkedIn, Twitter, Facebook)
5. DoS (Denial of Service) attack: SYN flood, UDP flood
[Network Domain Connection]
twodollarclick.com
craigslist.com
netflix.com
uploading.com
fileserve.com
hotfile.com
megaupload.com
what.cd
thepiratebay.org
naughtyamerica.com
brazzers.com
hackforums.net
moneybookers.com
paypal.com
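The report above lists the domains the bot contacts and says it is controlled over IRC, so one defender-side check is to run the sample in an isolated sandbox and scan the captured connection log for those two things. The following is an added example written for this thread, not code from the report's vendor or from anyone in the thread. It assumes a constructed log format of `<time> <src_ip> <dst_ip>:<port> <hostname-or-dash>` (real tools such as a proxy or DNS log would need their own parser), treats the standard IRC ports 6667/6697 as suspicious (a heuristic of this example, not something the report states), and uses the domain list exactly as printed in the report.

```python
import re

# Domains copied from the report above. Several are legitimate services the
# bot abuses (paypal.com, netflix.com, ...), so a hit is a lead to investigate
# in the sandbox, not proof of infection by itself.
REPORT_DOMAINS = frozenset({
    "twodollarclick.com", "craigslist.com", "netflix.com", "uploading.com",
    "fileserve.com", "hotfile.com", "megaupload.com", "what.cd",
    "thepiratebay.org", "naughtyamerica.com", "brazzers.com",
    "hackforums.net", "moneybookers.com", "paypal.com",
})

# Standard IRC ports. Flagging them is this example's own heuristic, chosen
# because the report says the bot is remote-controlled over IRC.
IRC_PORTS = frozenset({6667, 6697})

# Constructed log format assumed by this example:
#   "<time> <src_ip> <dst_ip>:<port> <hostname-or-dash>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<host>\S+)$"
)


def domain_matches(host, watchlist=REPORT_DOMAINS):
    """True if host equals a watched domain or is a subdomain of one.

    Suffix matching requires the leading dot, so "notpaypal.com" does not
    match "paypal.com" while "www.paypal.com" does.
    """
    host = host.lower().rstrip(".")  # tolerate trailing-dot FQDNs
    if host in watchlist:
        return True
    return any(host.endswith("." + d) for d in watchlist)


def scan_log(lines, watchlist=REPORT_DOMAINS, irc_ports=IRC_PORTS):
    """Return (line_number, reason) for every log line worth a closer look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        host, port = m["host"], int(m["port"])
        if host != "-" and domain_matches(host, watchlist):
            findings.append((n, "contact with report-listed domain " + host))
        if port in irc_ports:
            findings.append((n, "IRC-port connection to %s:%d" % (m["dst"], port)))
    return findings


# Constructed sample log (not real traffic); 10.0.0.5 is the sandbox host.
SAMPLE_LOG = [
    "2017-03-02T14:05:01 10.0.0.5 93.184.216.34:443 www.example.com",
    "2017-03-02T14:05:03 10.0.0.5 203.0.113.7:6667 -",
    "2017-03-02T14:05:04 10.0.0.5 198.51.100.9:443 www.paypal.com",
    "2017-03-02T14:05:05 10.0.0.5 198.51.100.10:80 notpaypal.com",
    "garbage line that does not parse",
    "2017-03-02T14:05:06 10.0.0.5 203.0.113.11:80 hackforums.net.",
]

if __name__ == "__main__":
    for n, reason in scan_log(SAMPLE_LOG):
        print("line %d: %s" % (n, reason))
```

On the sample log this reports lines 2, 3 and 6 and stays quiet on line 4, which is the point of matching on a dot-prefixed suffix rather than a plain substring. Because the watchlist includes popular legitimate sites, the useful signal in a sandbox run is the combination: an unexplained IRC-port connection plus logins or posts to the listed services from a host that should be doing neither.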
Is the only way to tell to run it in a virtual environment and check whether it connects to the domains listed above?