Trojan.Inject4.9311

Technical Information

Malicious functions

Injects code into

the following system processes:

%WINDIR%\syswow64\svchost.exe

Modifies file system

Creates the following files

C:\1.zip
C:\ГВјГ¦В¬\ВёГ§ГўГ—2.bmp
C:\ГВјГ¦В¬\ВёГ§ГўГ—1.bmp
C:\ГВјГ¦В¬\В»ГЄГ—Гі2.bmp
C:\ГВјГ¦В¬\В»ГЄГ—Гі1.bmp
C:\ГВјГ¦В¬\ВµГ§ГўВјГ¬ГЎГЄВѕ.bmp
C:\ГВјГ¦В¬\Г©ВЄГ¬ГЎ2.bmp
C:\ГВјГ¦В¬\Г©ВЄГ¬ГЎ1.bmp
C:\ГВјГ¦В¬\Г¬ГёГ°В§.bmp
C:\ГВјГ¦В¬\ВµГЈГЁВЇ.bmp
C:\ГВјГ¦В¬\ГҐГ©ВїГ«2.bmp
C:\ГВјГ¦В¬\ГҐГ©ВїГ«1.bmp
C:\ГВјГ¦В¬\ГµГЅ.bmp
C:\ГВјГ¦В¬\Г®ВґГ±ВЎГ¶Г°.bmp
C:\ГВјГ¦В¬\ВёГј.bmp
C:\ГВјГ¦В¬\Г°ГўГЄГ¶ВЅВ±Г Гё.bmp
C:\ГВјГ¦В¬\Г°ГўГЄГ¶.bmp
C:\ГВјГ¦В¬\ВµГ°ГіВўГ°Г».bmp
C:\ГВјГ¦В¬\ВµГ°Г«Гѕ2.bmp
C:\ГВјГ¦В¬\ВµГ°Г«Гѕ1.bmp
C:\ГВјГ¦В¬\ВµГ°В±Гё.bmp
C:\ГВјГ¦В¬\Г¬ГЎГЄВѕ.bmp
C:\ГВјГ¦В¬\ГµВЅ.bmp
C:\ГВјГ¦В¬\ГЇВЈГ®В¬В¶Г»2.bmp
C:\ГВјГ¦В¬\В·ГўВєГҐ.bmp
C:\ГВјГ¦В¬\ГЇВЈГ®В¬В¶Г»1.bmp
C:\ГВјГ¦В¬\ГЁВ·В¶ВЁ.bmp
C:\ГВјГ¦В¬\Г Г±ВєГ°.bmp
C:\ГВјГ¦В¬\В¶ВҐВєГҐ2.bmp
C:\ГВјГ¦В¬\В¶ВҐВєГҐ.bmp
C:\ГВјГ¦В¬\В°ВўГ—ГЁВ¶Г»2.bmp
C:\ГВјГ¦В¬\В°ВўГ—ГЁВ¶Г»1.bmp
C:\ГВјГ¦В¬\Г¶ГёГ°ГўГЎВ¬ВЅГі.bmp
C:\ГВјГ¦В¬\Г±ВЎГґГ±ГіВўГ°Г».bmp
C:\ГВјГ¦В¬\Г±ВЎВїГВ»В§В¶Г«.bmp
C:\ГВјГ¦В¬\Г±ВЎГ§Гё.bmp
C:\ГВјГ¦В¬\Г±ВЎГ¶Г°.bmp
C:\ГВјГ¦В¬\ГЄГ¤ГЁГ«ГµГ«ВєГҐ.bmp
C:\ГВјГ¦В¬\В№ВєГўГІВєГі.bmp
C:\ГВјГ¦В¬\В±ВЄГҐВ®2.bmp
C:\ГВјГ¦В¬\ВІГ¦9.bmp
C:\ГВјГ¦В¬\В±ВЄГҐВ®1.bmp
C:\ГВјГ¦В¬\Г¶В©Г¶Г«2.bmp
C:\ГВјГ¦В¬\Г¶В©Г¶Г«1.bmp
C:\ГВјГ¦В¬\ГўГ№ГГµ2.bmp
C:\ГВјГ¦В¬\ГўГ№ГГµ1.bmp
C:\ГВјГ¦В¬\Г®Вµ2.bmp
C:\ГВјГ¦В¬\Г®Вµ1.bmp
C:\ГВјГ¦В¬\ГЄВ¤.bmp
C:\ГВјГ¦В¬\ГЈГ«ГГ«.bmp
C:\ГВјГ¦В¬\ВЅГ»Г±Гґ.bmp
C:\ГВјГ¦В¬\ВЅГ»Г¶В№.bmp
C:\ГВјГ¦В¬\В¶ГґВѕГ¶ГІГ¬ВіВЈ.bmp
C:\ГВјГ¦В¬\В¶ГґВєГҐ2.bmp
C:\ГВјГ¦В¬\В¶ГґВєГҐ.bmp
C:\ГВјГ¦В¬\ВјГіВіГ©.bmp
C:\ГВјГ¦В¬\ВЅВЈГ¤В§2.bmp
C:\ГВјГ¦В¬\ВЅВЈГ¤В§1.bmp
C:\ГВјГ¦В¬\ВїВГ¤ГЇ2.bmp
C:\ГВјГ¦В¬\ВїВГ¤ГЇ1.bmp
C:\ГВјГ¦В¬\В¶ВіВЅГЎ.bmp
C:\ГВјГ¦В¬\В№ГєВѕГј.bmp
C:\ГВјГ¦В¬\В№ГёВ±Гµ.bmp
C:\ГВјГ¦В¬\ГЁГ«ГЈГҐ.bmp
C:\ГВјГ¦В¬\ГВЈГ¶В№В№В¤Г—Г·.bmp
C:\ГВјГ¦В¬\ГґГ¦В¶ВҐГҐГҐГ®В».bmp
C:\ГВјГ¦В¬\ГґГ¦В¶ВҐГ¶В®ГѕГ¤.bmp
C:\ГВјГ¦В¬\ГґГ¦В¶ВҐ.bmp
C:\ГВјГ¦В¬\ГґГ¦.bmp
C:\ГВјГ¦В¬\ГЎГ«ВЅГўВёГјВ¶Г .bmp
C:\ГВјГ¦В¬\Г¶Г·.bmp
C:\ГВјГ¦В¬\qqВµГ§ГўВј.bmp
C:\ГВјГ¦В¬\esc.bmp
C:\ГВјГ¦В¬\8ВјВ¶.bmp
C:\ГВјГ¦В¬\7ВјВ¶.bmp
C:\ГВјГ¦В¬\2ВјВ¶.bmp
C:\ГВјГ¦В¬\1ВјВ¶.bmp
C:\ГВјГ¦В¬\ВїВЁГҐГ¦2.bmp
C:\ГВјГ¦В¬\ВїВЁГ¬Гё1.bmp
C:\ГВјГ¦В¬\ВїВЁГҐГ¦1.bmp
C:\ГВјГ¦В¬\ВїВЁГ¬Гё2.bmp
C:\ГВјГ¦В¬\ГЈГјГўГ«ВґГГ®Гі2.bmp
C:\ГВјГ¦В¬\ВїВЁГ ГІГ«В№Г«Гѕ1.bmp
C:\ГВјГ¦В¬\ГЈГјГўГ«ВґГГ®Гі.bmp
C:\ГВјГ¦В¬\В±В¦ВµГ¤.bmp
C:\ГВјГ¦В¬\В»Г№Г Вј2.bmp
C:\ГВјГ¦В¬\В»Г№Г Вј1.bmp
C:\ГВјГ¦В¬\Г©Г¬ВµГЄВІГ¦.bmp
C:\ГВјГ¦В¬\Г®ГјГ±ВЄВ№Г2.bmp
C:\ГВјГ¦В¬\Г®ГјГ±ВЄВ№Г1.bmp
C:\ГВјГ¦В¬\ГіГ±ГіВўГ°Г».bmp
C:\ГВјГ¦В¬\ГіГ±Г«Гѕ2.bmp
C:\ГВјГ¦В¬\ГіГ±Г«Гѕ1.bmp
C:\ГВјГ¦В¬\В№ВєГўГІ.bmp
C:\ГВјГ¦В¬\Г±Г©Г¶В¤ГўГ«.bmp
C:\ГВјГ¦В¬\ВІГ¦8.bmp
C:\ГВјГ¦В¬\ВІГ¦7.bmp
C:\ГВјГ¦В¬\ВІГ¦6.bmp
C:\ГВјГ¦В¬\ВІГ¦5.bmp
C:\ГВјГ¦В¬\ВІГ¦4.bmp
C:\ГВјГ¦В¬\ВІГ¦3.bmp
C:\ГВјГ¦В¬\ВІГ¦2.bmp
C:\ГВјГ¦В¬\ВІГ¦1.bmp
C:\ГВјГ¦В¬\ВІГ¦.bmp
C:\ГВјГ¦В¬\ВїВЁГ©ВЇ.bmp
C:\ГВјГ¦В¬\ВїВЁГ ГІГ«В№Г«Гѕ2.bmp
C:\ГВјГ¦В¬\ГіГ±В±Гё.bmp
C:\zk.txt

Deletes the following files

C:\1.zip

Miscellaneous

Executes the following

'%WINDIR%\syswow64\svchost.exe'
'%WINDIR%\syswow64\regsvr32.exe' dm.dll -s

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта

Скачать с Google Play

Скачайте
Dr.Web для Android

Бесплатно на 3 месяца
Все компоненты защиты
Продление демо через
AppGallery/Google Pay

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней