See: http://siteinspector.comodo.com/public/reports/show_log?id=23097
See: http://urlquery.net/report.php?id=13016
See: http://vscan.urlvoid.com/analysis/6617b2d01ef7f928c5c03612030b5a99/cGF0Y2gtZXhl/
See: http://www.virustotal.com/file-scan/report.html?id=d3e26c62d5672f3466b62ab897a233fcddfe42b1ebacdcf9572683fdbae46be5-1324492435
See: http://www.webutation.net/go/review/funad.co.kr
polonus
Activity resembles of sonebot malware…
The DrWeb URL link scan:
Checking: -http://www.funad.co.kr/ipop2/patch.exe
Engine version: 5.0.2.3300
Total virus-finding records: 2955823
File size: 323.57 KB
File MD5: 6617b2d01ef7f928c5c03612030b5a99
-http://www.funad.co.kr/ipop2/patch.exe - archive BINARYRES
-http://www.funad.co.kr/ipop2/patch.exe/data002 - archive INNO SETUP
-http://www.funad.co.kr/ipop2/patch.exe/data002/Script0.bin - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Script1.bin - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Install_Script.iss - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/0.object - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/1.object - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/Embedded_Setup.exe - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002/{app}\popsi.exe - Ok
-http://www.funad.co.kr/ipop2/patch.exe/data002 - Ok
-http://www.funad.co.kr/ipop2/patch.exe - Ok
for popsi.exe see:
http://www.threatexpert.com/report.aspx?md5=fbd44adca037e7089596ed722f972531
D