Trojan.PWS.Siggen2.3556

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{D9B1D445-AEFE-5B83-BCB50F636B53C270}' = '%ALLUSERSPROFILE%\Application Data\wepizup.exe'

Modifies file system:

Creates the following files:

%ALLUSERSPROFILE%\Application Data\wepizup.exe

Sets the 'hidden' attribute to the following files:

%ALLUSERSPROFILE%\Application Data\wepizup.exe

Network activity:

Connects to:

'18#.#1.100.50':9030
'<LOCALNET>.0.150':445
'18#.#94.121.193':445
'<LOCALNET>.0.149':445
'20#.#54.99.167':445
'<LOCALNET>.0.148':445
'<LOCALNET>.0.147':445
'19#.#7.135.75':445
'<LOCALNET>.0.146':445
'76.#6.5.125':445
'<LOCALNET>.0.145':445
'12#.#27.78.217':445
'<LOCALNET>.0.144':445
'16#.#21.74.96':445
'27.##1.163.70':445
'<LOCALNET>.0.143':445
'17#.7.14.8':445
'52.##8.25.190':445
'14#.#04.78.26':445
'78.##0.146.27':445
'94.##3.36.97':445
'<LOCALNET>.0.142':445
'18#.#81.62.70':445
'91.##3.102.79':445
'16#.#87.180.176':445
'<LOCALNET>.0.151':445
'94.##.141.236':445
'<LOCALNET>.0.167':445
'<LOCALNET>.0.166':445
'18#.#1.29.27':445
'<LOCALNET>.0.165':445
'<LOCALNET>.0.164':445
'15#.#02.133.157':445
'<LOCALNET>.0.163':445
'<LOCALNET>.0.162':445
'43.##5.45.60':445
'<LOCALNET>.0.161':445
'<LOCALNET>.0.152':445
'32.##0.89.107':445
'<LOCALNET>.0.159':445
'<LOCALNET>.0.158':445
'<LOCALNET>.0.157':445
'87.#0.19.58':445
'<LOCALNET>.0.156':445
'71.##9.184.208':445
'<LOCALNET>.0.155':445
'<LOCALNET>.0.154':445
'39.##8.58.39':445
'<LOCALNET>.0.153':445
'<LOCALNET>.0.160':445
'<LOCALNET>.0.168':445
'43.##.202.52':445
'95.##.100.138':445
'32.##.188.211':445
'13.##.121.239':445
'<LOCALNET>.0.137':445
'44.##8.101.136':445
'17#.#9.159.194':445
'12#.#68.237.106':445
'19#.#42.45.159':445
'16#.#44.5.129':445
'<LOCALNET>.0.136':445
'50.#6.65.32':445
'62.##7.75.80':445
'16#.#.128.129':445
'<LOCALNET>.0.141':445
'16#.#65.31.212':445
'82.##.97.207':445
'<LOCALNET>.0.135':445
'2.##.232.74':445
'16#.#41.93.103':445
'19#.#0.191.95':80
'18#.#71.16.204':445
'13#.#90.209.68':445
'15#.#01.171.31':445
'5.##.12.209':445
'po##.#inexmr.com':4444
'21#.#3.156.42':445
'<LOCALNET>.0.139':445
'77.##2.59.198':445
'13#.#29.121.124':445
'52.##0.159.214':445
'<LOCALNET>.0.140':445
'18#.#5.185.224':445
'10#.#75.128.244':445
'20#.#31.211.28':445
'16#.#8.62.99':445
'18#.#34.137.246':445
'14#.#.30.214':445
'14#.#32.252.100':445
'99.##.104.146':445
'11#.#31.28.52':445
'12#.#62.174.209':445
'94.##9.187.146':445
'<LOCALNET>.0.138':445
'70.##9.145.244':445
'82.#.130.99':445
'63.##9.210.173':445
'18#.0.96.9':445
'41.##.169.39':445
'64.##1.197.148':445
'16#.#82.115.169':445
'<LOCALNET>.0.87':445
'73.##3.13.230':445
'<LOCALNET>.0.218':445
'<LOCALNET>.0.212':445
'16#.#59.202.153':445
'<LOCALNET>.0.217':445
'14.##.50.133':445
'<LOCALNET>.0.216':445
'<LOCALNET>.0.215':445
'<LOCALNET>.0.214':445
'19#.#04.176.169':445
'<LOCALNET>.0.213':445
'13.##.196.246':445
'11#.#40.54.91':445
'<LOCALNET>.0.219':445
'<LOCALNET>.0.204':445
'<LOCALNET>.0.210':445
'<LOCALNET>.0.209':445
'15#.#1.19.94':445
'<LOCALNET>.0.208':445
'<LOCALNET>.0.207':445
'<LOCALNET>.0.206':445
'14#.#7.78.209':445
'<LOCALNET>.0.205':445
'20#.#.225.120':445
'52.#0.2.179':445
'<LOCALNET>.0.211':445
'20#.#2.6.106':445
'<LOCALNET>.0.203':445
'<LOCALNET>.0.234':445
'12#.#22.79.131':445
'<LOCALNET>.0.233':445
'17#.#5.115.32':445
'<LOCALNET>.0.232':445
'<LOCALNET>.0.231':445
'17.##.255.98':445
'<LOCALNET>.0.230':445
'<LOCALNET>.0.229':445
'<LOCALNET>.0.220':445
'<LOCALNET>.0.235':445
'16#.#86.68.255':445
'20#.#47.47.113':445
'<LOCALNET>.0.226':445
'<LOCALNET>.0.225':445
'19#.#2.126.124':445
'<LOCALNET>.0.224':445
'<LOCALNET>.0.223':445
'24.##.197.177':445
'<LOCALNET>.0.222':445
'<LOCALNET>.0.221':445
'<LOCALNET>.0.228':445
'<LOCALNET>.0.227':445
'13#.#1.29.43':445
'<LOCALNET>.0.202':445
'16#.#9.247.3':445
'<LOCALNET>.0.182':445
'16#.#4.255.53':445
'<LOCALNET>.0.181':445
'<LOCALNET>.0.180':445
'15#.#63.221.84':445
'<LOCALNET>.0.179':445
'<LOCALNET>.0.178':445
'53.##.110.157':445
'<LOCALNET>.0.184':445
'<LOCALNET>.0.177':445
'<LOCALNET>.0.176':445
'<LOCALNET>.0.175':445
'17#.#.138.198':445
'<LOCALNET>.0.174':445
'<LOCALNET>.0.173':445
'<LOCALNET>.0.172':445
'12#.#3.10.102':445
'<LOCALNET>.0.171':445
'18.##9.24.174':445
'<LOCALNET>.0.170':445
'11#.#0.191.138':445
'<LOCALNET>.0.185':445
'13#.#2.165.135':445
'<LOCALNET>.0.183':445
'<LOCALNET>.0.186':445
'<LOCALNET>.0.201':445
'19#.#4.107.210':445
'<LOCALNET>.0.200':445
'<LOCALNET>.0.199':445
'16#.#8.85.51':445
'<LOCALNET>.0.198':445
'47.##8.186.208':445
'<LOCALNET>.0.197':445
'<LOCALNET>.0.196':445
'<LOCALNET>.0.195':445
'10#.#31.103.5':445
'<LOCALNET>.0.194':445
'<LOCALNET>.0.193':445
'17#.#04.143.255':445
'<LOCALNET>.0.192':445
'15#.#28.130.100':445
'<LOCALNET>.0.191':445
'<LOCALNET>.0.190':445
'81.#9.84.2':445
'<LOCALNET>.0.189':445
'<LOCALNET>.0.188':445
'22#.#07.130.36':445
'<LOCALNET>.0.187':445
'73.##5.86.58':445
'15#.#0.150.86':445
'18.##9.147.82':445
'<LOCALNET>.0.134':445
'1.##.96.125':445
'13#.#06.52.157':445
'<LOCALNET>.0.59':445
'<LOCALNET>.0.58':445
'<LOCALNET>.0.57':445
'<LOCALNET>.0.56':445
'<LOCALNET>.0.55':445
'<LOCALNET>.0.54':445
'<LOCALNET>.0.53':445
'<LOCALNET>.0.52':445
'<LOCALNET>.0.51':445
'<LOCALNET>.0.39':445
'<LOCALNET>.0.61':445
'<LOCALNET>.0.41':445
'<LOCALNET>.0.48':445
'19#.#45.244.151':445
'15#.#06.106.212':445
'<LOCALNET>.0.47':445
'<LOCALNET>.0.46':445
'<LOCALNET>.0.45':445
'<LOCALNET>.0.44':445
'<LOCALNET>.0.43':445
'<LOCALNET>.0.42':445
'<LOCALNET>.0.49':445
'<LOCALNET>.0.50':445
'20#.#3.120.14':445
'<LOCALNET>.0.73':445
'<LOCALNET>.0.74':445
'<LOCALNET>.0.83':445
'<LOCALNET>.0.82':445
'<LOCALNET>.0.81':445
'<LOCALNET>.0.80':445
'<LOCALNET>.0.79':445
'<LOCALNET>.0.78':445
'<LOCALNET>.0.77':445
'<LOCALNET>.0.76':445
'<LOCALNET>.0.75':445
'<LOCALNET>.0.84':445
'<LOCALNET>.0.62':445
'<LOCALNET>.0.63':445
'<LOCALNET>.0.71':445
'<LOCALNET>.0.70':445
'<LOCALNET>.0.69':445
'<LOCALNET>.0.68':445
'<LOCALNET>.0.67':445
'<LOCALNET>.0.66':445
'<LOCALNET>.0.65':445
'<LOCALNET>.0.64':445
'17#.#7.0.249':445
'<LOCALNET>.0.72':445
'<LOCALNET>.0.40':445
'<LOCALNET>.0.38':445
'<LOCALNET>.0.85':445
'<LOCALNET>.0.13':445
'4.###.231.53':445
'<LOCALNET>.0.12':445
'68.##7.221.166':445
'<LOCALNET>.0.11':445
'11#.#52.135.12':445
'<LOCALNET>.0.10':445
'<LOCALNET>.0.9':445
'17#.#23.21.117':445
'16#.#.135.15':445
'<LOCALNET>.0.8':445
'49.##.195.134':445
'<LOCALNET>.0.6':445
'20#.#61.54.169':445
'<LOCALNET>.0.5':445
'<LOCALNET>.0.4':445
'<LOCALNET>.0.3':445
'16#.#46.199.14':445
'<LOCALNET_GATEWAY>':445
'77.##6.116.10':445
'<LOCALNET>.0.0':445
'<LOCALNET>.0.7':445
'<LOCALNET>.0.15':445
'<LOCALNET>.0.14':445
'<LOCALNET>.0.16':445
'<LOCALNET>.0.37':445
'<LOCALNET>.0.28':445
'<LOCALNET>.0.36':445
'41.##5.181.57':445
'<LOCALNET>.0.35':445
'<LOCALNET>.0.34':445
'<LOCALNET>.0.33':445
'75.##.69.237':445
'<LOCALNET>.0.32':445
'<LOCALNET>.0.31':445
'<LOCALNET>.0.30':445
'<LOCALNET>.0.29':445
'<LOCALNET>.0.27':445
'<LOCALNET>.0.17':445
'<LOCALNET>.0.26':445
'<LOCALNET>.0.25':445
'<LOCALNET>.0.24':445
'94.##8.248.252':445
'<LOCALNET>.0.23':445
'<LOCALNET>.0.22':445
'<LOCALNET>.0.21':445
'<LOCALNET>.0.20':445
'<LOCALNET>.0.19':445
'<LOCALNET>.0.18':445
'14#.#2.141.85':445
'<LOCALNET>.0.169':445
'<LOCALNET>.0.86':445
'<LOCALNET>.0.98':445
'<LOCALNET>.0.129':445
'22#.#8.249.18':445
'<LOCALNET>.0.131':445
'24.##2.178.1':445
'14#.#20.204.103':445
'13#.#62.134.92':445
'71.##5.168.107':445
'18#.#77.204.53':445
'16#.#72.194.53':9030
'10#.#96.39.104':445
'37.#1.15.46':445
'20#.#32.61.91':445
'14#.#1.80.207':445
'17#.#48.154.107':445
'10#.#95.80.101':445
'74.##6.87.181':445
'<LOCALNET>.0.130':445
'18#.#98.244.201':445
'12#.#05.1.131':445
'4.##8.89.44':445
'16#.#06.150.40':445
'79.##2.8.229':445
'13#.#7.96.141':445
'19#.#87.71.226':445
'17#.#24.62.152':445
'14#.#8.145.205':445
'<LOCALNET>.0.60':445
'39.##3.221.32':445
'23.##6.237.233':445
'10#.#35.35.122':445
'32.##0.247.240':445
'25.##.235.148':445
'81.##4.175.69':445
'82.##8.244.222':445
'34.##.176.207':445
'<LOCALNET>.0.133':445
'92.##5.48.16':445
'75.##8.127.51':445
'17#.#74.156.148':445
'63.##9.115.128':445
'66.##5.183.126':445
'19#.#42.233.223':445
'74.##2.215.75':445
'19.##0.129.13':445
'57.##.166.221':445
'<LOCALNET>.0.132':445
'62.##.67.237':445
'37.##.41.120':445
'14#.#13.109.147':445
'97.##.111.231':445
'19#.#30.80.13':445
'12.##4.41.218':445
'<LOCALNET>.0.99':445
'<LOCALNET>.0.108':445
'<LOCALNET>.0.107':445
'<LOCALNET>.0.106':445
'<LOCALNET>.0.105':445
'<LOCALNET>.0.104':445
'<LOCALNET>.0.103':445
'<LOCALNET>.0.102':445
'<LOCALNET>.0.101':445
'<LOCALNET>.0.100':445
'<LOCALNET>.0.109':445
'<LOCALNET>.0.110':445
'<LOCALNET>.0.111':445
'<LOCALNET>.0.96':445
'<LOCALNET>.0.95':445
'<LOCALNET>.0.94':445
'18#.#69.57.248':445
'<LOCALNET>.0.93':445
'<LOCALNET>.0.92':445
'<LOCALNET>.0.91':445
'<LOCALNET>.0.90':445
'<LOCALNET>.0.89':445
'<LOCALNET>.0.97':445
'<LOCALNET>.0.112':445
'97.##7.217.221':445
'18#.#6.209.96':445
'17#.#05.81.142':445
'<LOCALNET>.0.122':445
'51.##7.254.121':445
'73.##9.220.87':445
'17#.#2.202.90':445
'59.##8.137.163':445
'<LOCALNET>.0.128':445
'<LOCALNET>.0.127':445
'<LOCALNET>.0.126':445
'<LOCALNET>.0.125':445
'<LOCALNET>.0.124':445
'<LOCALNET>.0.123':445
'<LOCALNET>.0.121':445
'<LOCALNET>.0.113':445
'11#.#52.143.61':445
'<LOCALNET>.0.120':445
'<LOCALNET>.0.119':445
'<LOCALNET>.0.118':445
'<LOCALNET>.0.117':445
'<LOCALNET>.0.116':445
'22#.#.158.205':445
'<LOCALNET>.0.115':445
'<LOCALNET>.0.114':445
'<LOCALNET>.0.88':445
'<LOCALNET>.0.236':445

TCP:

HTTP GET requests:

http://19#.#0.191.95/tor/status-vote/current/consensus

UDP:

DNS ASK po##.#inexmr.com

Miscellaneous:

Creates and executes the following:

'%ALLUSERSPROFILE%\Application Data\wepizup.exe'

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней