Trojan.DownLoader5.15160

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
[<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\.netbt] 'ImagePath' = '\*'

Вредоносные функции:

Запускает на исполнение:

%WINDIR%\explorer.exe

Внедряет код в

следующие системные процессы:

<SYSTEM32>\winlogon.exe

Изменения в файловой системе:

Создает следующие файлы:

%WINDIR%\$NtUninstallKB48617$\2804554435\cfg.ini
%WINDIR%\$NtUninstallKB48617$\2804554435\@
%WINDIR%\$NtUninstallKB48617$\2804554435\Desktop.ini
%WINDIR%\$NtUninstallKB48617$\2804554435\L\acbrwqkz

Самоудаляется.

Сетевая активность:

Подключается к:

'31.#69.5.54':34354
'18#.#.158.156':34354
'10#.#.210.170':34354
'71.##2.191.125':34354
'71.##5.132.73':34354
'86.##.216.149':34354
'97.##.145.43':34354
'18#.#0.197.33':34354
'20#.#04.152.26':34354
'50.##5.173.225':34354
'12#.#11.209.99':34354
'85.##8.38.83':34354
'96.##.168.190':34354
'98.##.34.125':34354
'18#.#27.118.84':34354
'67.##2.63.10':34354
'99.##5.147.52':34354
'82.##2.128.251':34354
'68.##3.84.119':34354
'64.##9.73.67':34354
'24.##.126.209':34354
'69.##4.45.191':34354
'72.##5.166.138':34354
'98.##9.113.253':34354
'17#.#29.62.235':34354
'18#.#7.2.184':34354
'10#.#7.34.210':34354
'76.##.225.152':34354
'69.##8.184.237':34354
'96.#9.191.7':34354
'95.##2.190.124':34354
'95.##.88.241':34354
'99.##5.146.39':34354
'17#.#7.77.237':34354
'98.##.132.69':34354
'95.##.162.71':34354
'98.##2.253.218':34354
'67.##.78.169':34354
'70.##7.88.21':34354
'14.##9.187.116':34354
'96.##.107.53':34354
'24.##2.17.15':34354
'62.##1.116.91':34354
'18#.#91.213.129':34354
'18#.#26.227.216':34354
'17#.#9.37.81':34354
'70.##4.200.240':34354
'10#.#38.131.67':34354
'67.##7.66.210':34354
'18#.#8.223.97':34354
'82.##8.156.5':34354
'17#.#1.33.46':34354
'20#.#21.37.183':34354
'67.##.129.235':34354
'69.##5.140.54':34354
'20#.#04.210.98':34354
'67.##7.95.160':34354
'98.##6.127.245':34354
'24.##8.121.35':34354
'21#.#4.129.57':34354
'89.##0.185.103':34354
'98.##1.115.215':34354
'24.##0.124.142':34354
'93.##.162.42':34354
'89.##6.60.226':34354
'24.##9.154.51':34354
'41.##.201.178':34354
'10#.#43.226.66':34354
'71.#7.76.11':34354
'68.##3.142.61':34354
'10#.#16.29.239':34354
'10#.#37.182.99':34354
'18#.#21.203.84':34354
'19#.#60.150.73':34354
'95.##.230.30':34354
'71.##.59.251':34354
'68.##.183.242':34354
'20#.#05.110.67':34354
'68.##5.65.140':34354
'75.##1.17.155':34354
'39.##9.51.176':34354
'17#.92.3.39':34354
'17#.#59.19.208':34354
'76.##.134.218':34354
'82.##2.174.252':34354
'98.##9.139.191':34354
'99.##.32.101':34354
'24.##.102.235':34354
'17#.#3.52.157':34354
'18#.#8.26.47':34354
'1.##.73.98':34354
'76.##.230.125':34354
'95.##.238.214':34354
'41.##2.33.153':34354
'76.##9.250.70':34354
'41.##7.138.249':34354
'17#.#13.81.18':34354
'82.##2.251.190':34354
'71.##9.190.129':34354
'17#.#77.206.3':34354
'92.##.57.148':34354
'21#.#83.247.103':34354
'71.##5.161.176':34354
'68.##5.96.141':34354
'20#.#3.113.172':34354
'68.##.77.164':34354
'17#.#.171.168':34354
'61.##.135.48':34354
'76.##0.176.212':34354
'17#.#36.88.66':34354
'18#.#5.28.182':34354
'18#.#94.153.200':34354
'66.##5.136.48':34354
'95.##.117.170':34354
'46.##.12.170':34354
'11#.#34.57.70':34354
'19#.#74.166.90':34354
'81.##1.246.141':34354
'70.##0.202.158':34354
'70.##1.75.107':34354
'17#.#9.78.251':34354
'66.##.247.14':34354
'20#.#4.227.108':34354
'97.##.173.218':34354
'46.##2.189.234':34354
'69.##5.1.232':34354
'67.##6.185.43':34354
'11#.#87.37.160':34354
'92.#1.5.107':34354
'41.#43.0.45':34354
'74.##8.110.234':34354
'21#.#2.199.65':34354
'67.##9.239.12':34354
'50.##.44.227':34354
'17#.#02.54.97':34354
'98.##9.210.124':34354
'19#.#6.189.219':34354
'74.##.81.175':34354
'76.##1.59.190':34354
'96.#7.41.3':34354
'79.##7.12.195':34354
'76.##0.26.187':34354
'83.##8.76.184':34354
'76.##1.189.10':34354
'50.##5.158.55':34354
'17#.#0.50.243':34354
'72.##6.35.154':34354
'69.##3.217.249':34354
'95.##.192.222':34354
'65.##.224.213':34354
'24.##9.183.236':34354
'76.##5.236.182':34354
'74.##.13.124':34354
'46.##9.52.29':34354
'21#.#.136.160':34354
'12#.#22.5.130':34354
'17#.#9.175.117':34354
'11#.#8.38.186':34354
'20#.#43.108.245':34354
'24.#.199.12':34354
'95.##.253.196':34354
'67.##3.61.88':34354
'10#.#01.171.134':34354
'92.#6.12.26':34354
'69.##7.17.214':34354
'68.##8.241.60':34354
'65.##.79.136':34354
'76.##.172.37':34354
'24.##7.88.18':34354
'11#.#00.66.151':34354
'91.##.191.53':34354
'localhost':80
'46.#2.235.2':34354
'76.##9.96.118':34354
'50.##5.89.254':34354
'98.##3.8.190':34354
'88.##7.86.144':34354
'18#.#62.164.101':34354
'10#.#37.34.201':34354
'67.##.181.21':34354
'31.#.106.2':34354
'97.##.123.227':34354
'17#.#18.148.178':34354
'93.##7.241.112':34354
'69.##0.70.38':34354
'24.##.108.111':34354
'71.##.224.240':34354
'18#.#91.81.236':34354
'68.##5.71.206':34354
'10#.#34.224.1':34354
'41.##.185.45':34354
'18#.#4.0.130':34354
'65.#.164.118':34354
'18#.0.16.68':34354
'74.##9.133.224':34354
'11#.#18.172.86':34354
'67.#8.40.18':34354
'92.#3.23.11':34354
'10#.#07.166.32':34354
'17#.#.59.217':34354
'18#.#84.44.33':34354
'24.##5.205.149':34354
'31.#7.240.6':34354
'11#.#95.21.145':34354
'20#.#65.226.3':34354
'18#.#1.49.200':34354
'20#.#42.186.230':34354
'94.##7.100.69':34354
'70.#2.83.92':34354
'98.#8.7.199':34354
'71.##8.215.46':34354
'75.##8.188.181':34354
'24.##2.71.50':34354
'11#.39.90.9':34354
'19#.#17.225.161':34354
'46.##3.144.244':34354
'24.##8.62.184':34354
'62.##1.145.93':34354
'24.#0.46.97':34354
'11#.#17.170.175':34354
'10#.#01.16.186':34354
'81.##.195.54':34354
'10#.#31.10.144':34354
'18#.#97.129.115':34354
'17#.#17.123.28':34354
'71.#2.8.112':34354
'12#.#47.16.99':34354
'24.##0.92.91':34354
'15#.#24.149.190':34354
'19#.#4.119.22':34354
'46.##2.195.86':34354
'46.##4.242.199':34354
'2.##.133.255':34354
'71.##5.104.253':34354
'67.#3.25.19':34354
'79.##2.57.163':34354
'20#.83.9.54':34354
'24.##0.205.53':34354
'91.##7.60.22':34354
'21#.#7.176.171':34354
'17#.#24.47.203':34354
'69.##7.48.159':34354
'18#.#5.61.254':34354
'82.##.102.228':34354
'78.##1.204.234':34354
'71.##.240.161':34354
'97.##.81.246':34354
'19#.#06.103.2':34354
'18#.#6.101.224':34354
'50.##.164.62':34354
'76.##.106.127':34354
'20#.#66.92.183':34354
'93.##0.65.84':34354
'11#.#92.197.33':34354
'18#.#6.145.152':34354
'65.##.212.213':34354
'19#.#01.251.52':34354

TCP:

Запросы HTTP GET:

localhost/stat2.php?w=#################################################
localhost/stat2.php?w=################################################

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней