Trojan.MulDrop11.19320

Technical Information

Modifies file system

Creates the following files

<Current directory>\d.cab
<Current directory>\$dpx$.tmp\75932802201fdd43b86b981bc912a8f8.tmp
<Current directory>\$dpx$.tmp\d495ea3fa8f50249af99246e1b11abf0.tmp
<Current directory>\$dpx$.tmp\4c6ffdaa347d0e45978d2d67da6f5dbe.tmp
<Current directory>\$dpx$.tmp\a78e7b6a91bd88459b5eeb2eb6619773.tmp
<Current directory>\$dpx$.tmp\8c3a2b2a849e7e498cd9e985d11cf38c.tmp
<Current directory>\$dpx$.tmp\aeb22013585bb94d8873ee4045834d4e.tmp
<Current directory>\$dpx$.tmp\581525e26dec844fb1ed58e4b19711c6.tmp
<Current directory>\$dpx$.tmp\8a8de5e00b76e64f962529980a462c8e.tmp
<Current directory>\$dpx$.tmp\8b7cd247d301e64cb57697a5ef66a510.tmp
<Current directory>\$dpx$.tmp\133b574b6f88ca44904bd5ed4567b438.tmp
<Current directory>\$dpx$.tmp\befdb8a17a6bd347938c6e1a1bd6e3fa.tmp
<Current directory>\$dpx$.tmp\f07fec6a63047e44a20449fba76527e1.tmp
<Current directory>\$dpx$.tmp\6f56433604c1244387880574be0ae5d2.tmp
<Current directory>\$dpx$.tmp\e97a83df8e537940a11ea58f0cc7e474.tmp
<Current directory>\$dpx$.tmp\c16eb7556da0184a8802380a95b3d8c6.tmp
<Current directory>\$dpx$.tmp\2ba2dc058a54bf4d9601962165462961.tmp
<Current directory>\$dpx$.tmp\399f0672a6d8a3408f9a685368d65930.tmp
<Current directory>\$dpx$.tmp\4061c6beec0d2d4b95abca74cee501bf.tmp
<Current directory>\$dpx$.tmp\0a470ac0a0e67244b8701a9838e84e18.tmp
<Current directory>\$dpx$.tmp\cc82ad517c1b7f46a513392c79bcd69e.tmp
<Current directory>\$dpx$.tmp\1cd55fd3a5804d43a5f2fa06580a274a.tmp
<Current directory>\$dpx$.tmp\5111cc4679cea442b13557a9074ec415.tmp
<Current directory>\$dpx$.tmp\61702f6361a0184681fa39dd3bd1f6d5.tmp
<Current directory>\$dpx$.tmp\467987c0f435c04aa5653ee8dfb22439.tmp
<Current directory>\$dpx$.tmp\e5fb7ae0b3d33d48a1cb451e99decba0.tmp
<Current directory>\$dpx$.tmp\c29dfd6bc5fd744f850843765a9ac74b.tmp
<Current directory>\$dpx$.tmp\a9b34a515be4c041a73744a98a3a2984.tmp
<Current directory>\$dpx$.tmp\0097317194257445850d4e3f5fc07582.tmp
<Current directory>\$dpx$.tmp\5d3d52296b1f634ea70ee8bb53bbf785.tmp
<Current directory>\$dpx$.tmp\252b1170c825754b865dd6cb1f4852b0.tmp
<Current directory>\$dpx$.tmp\8f73357beef5d44587eafdc717c69ba0.tmp
<Current directory>\$dpx$.tmp\074dccd842d3d342b1e44b645359cc4f.tmp
<Current directory>\$dpx$.tmp\d9c6617fdcd4aa47ad71f3bc25345b73.tmp
<Current directory>\$dpx$.tmp\17a1c5bd068c294aa931ba73c4009a9a.tmp
<Current directory>\$dpx$.tmp\c7356392899f834489ff6f1543cac0f0.tmp
<Current directory>\$dpx$.tmp\4f176870482497448a7c89dbb38736e8.tmp
<Current directory>\$dpx$.tmp\bee3a801fb66d241b6f14938d8e9e1b1.tmp
<Current directory>\$dpx$.tmp\8888430826903548ac4d3bf48020d1f1.tmp
<Current directory>\$dpx$.tmp\a3f240c75cf8dc4c8e8a8c8b3023a544.tmp
<Current directory>\$dpx$.tmp\8461e50d9a1ad249a2262b8b7382e952.tmp
<Current directory>\$dpx$.tmp\2b17dcf832a79646bef88bf8d839716f.tmp
<Current directory>\$dpx$.tmp\65f585712ad8484cada8ca6bdb0bfb3c.tmp
<Current directory>\$dpx$.tmp\9a36b809e6624146a28145864ab72468.tmp
<Current directory>\$dpx$.tmp\da3e4e78c50ab042864e3f9d1b99a4d4.tmp

Sets the 'hidden' attribute to the following files

<Current directory>\api-ms-win-core-console-l1-1-0.dll
<Current directory>\api-ms-win-crt-conio-l1-1-0.dll
<Current directory>\api-ms-win-crt-convert-l1-1-0.dll
<Current directory>\api-ms-win-crt-environment-l1-1-0.dll
<Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
<Current directory>\api-ms-win-crt-heap-l1-1-0.dll
<Current directory>\api-ms-win-crt-locale-l1-1-0.dll
<Current directory>\api-ms-win-crt-math-l1-1-0.dll
<Current directory>\api-ms-win-core-timezone-l1-1-0.dll
<Current directory>\api-ms-win-core-util-l1-1-0.dll
<Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
<Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
<Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
<Current directory>\api-ms-win-crt-string-l1-1-0.dll
<Current directory>\api-ms-win-crt-time-l1-1-0.dll
<Current directory>\api-ms-win-crt-utility-l1-1-0.dll
<Current directory>\msvcp140.dll
<Current directory>\opencl.dll
<Current directory>\api-ms-win-crt-private-l1-1-0.dll
<Current directory>\api-ms-win-crt-process-l1-1-0.dll
<Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
<Current directory>\api-ms-win-core-synch-l1-2-0.dll
<Current directory>\api-ms-win-core-synch-l1-1-0.dll
<Current directory>\api-ms-win-core-debug-l1-1-0.dll
<Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-2-0.dll
<Current directory>\api-ms-win-core-file-l2-1-0.dll
<Current directory>\api-ms-win-core-handle-l1-1-0.dll
<Current directory>\api-ms-win-core-heap-l1-1-0.dll
<Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
<Current directory>\api-ms-win-core-datetime-l1-1-0.dll
<Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
<Current directory>\api-ms-win-core-memory-l1-1-0.dll
<Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
<Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
<Current directory>\api-ms-win-core-profile-l1-1-0.dll
<Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
<Current directory>\api-ms-win-core-string-l1-1-0.dll
<Current directory>\api-ms-win-core-localization-l1-2-0.dll
<Current directory>\ucrtbase.dll
<Current directory>\vcruntime140.dll

Deletes the following files

<Current directory>\d.cab

Moves the following files

from <Current directory>\$dpx$.tmp\467987c0f435c04aa5653ee8dfb22439.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4c6ffdaa347d0e45978d2d67da6f5dbe.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a78e7b6a91bd88459b5eeb2eb6619773.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8c3a2b2a849e7e498cd9e985d11cf38c.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\aeb22013585bb94d8873ee4045834d4e.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
from <Current directory>\$dpx$.tmp\581525e26dec844fb1ed58e4b19711c6.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8a8de5e00b76e64f962529980a462c8e.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8b7cd247d301e64cb57697a5ef66a510.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
from <Current directory>\$dpx$.tmp\75932802201fdd43b86b981bc912a8f8.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d495ea3fa8f50249af99246e1b11abf0.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
from <Current directory>\$dpx$.tmp\133b574b6f88ca44904bd5ed4567b438.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6f56433604c1244387880574be0ae5d2.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\e97a83df8e537940a11ea58f0cc7e474.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\c16eb7556da0184a8802380a95b3d8c6.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\2ba2dc058a54bf4d9601962165462961.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
from <Current directory>\$dpx$.tmp\399f0672a6d8a3408f9a685368d65930.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4061c6beec0d2d4b95abca74cee501bf.tmp to <Current directory>\msvcp140.dll
from <Current directory>\$dpx$.tmp\0a470ac0a0e67244b8701a9838e84e18.tmp to <Current directory>\opencl.dll
from <Current directory>\$dpx$.tmp\befdb8a17a6bd347938c6e1a1bd6e3fa.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
from <Current directory>\$dpx$.tmp\f07fec6a63047e44a20449fba76527e1.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cc82ad517c1b7f46a513392c79bcd69e.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5111cc4679cea442b13557a9074ec415.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
from <Current directory>\$dpx$.tmp\9a36b809e6624146a28145864ab72468.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
from <Current directory>\$dpx$.tmp\c29dfd6bc5fd744f850843765a9ac74b.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a9b34a515be4c041a73744a98a3a2984.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
from <Current directory>\$dpx$.tmp\0097317194257445850d4e3f5fc07582.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5d3d52296b1f634ea70ee8bb53bbf785.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
from <Current directory>\$dpx$.tmp\252b1170c825754b865dd6cb1f4852b0.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
from <Current directory>\$dpx$.tmp\8f73357beef5d44587eafdc717c69ba0.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
from <Current directory>\$dpx$.tmp\074dccd842d3d342b1e44b645359cc4f.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d9c6617fdcd4aa47ad71f3bc25345b73.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
from <Current directory>\$dpx$.tmp\e5fb7ae0b3d33d48a1cb451e99decba0.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\17a1c5bd068c294aa931ba73c4009a9a.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4f176870482497448a7c89dbb38736e8.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
from <Current directory>\$dpx$.tmp\bee3a801fb66d241b6f14938d8e9e1b1.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8888430826903548ac4d3bf48020d1f1.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a3f240c75cf8dc4c8e8a8c8b3023a544.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8461e50d9a1ad249a2262b8b7382e952.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
from <Current directory>\$dpx$.tmp\2b17dcf832a79646bef88bf8d839716f.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
from <Current directory>\$dpx$.tmp\65f585712ad8484cada8ca6bdb0bfb3c.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
from <Current directory>\$dpx$.tmp\61702f6361a0184681fa39dd3bd1f6d5.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\c7356392899f834489ff6f1543cac0f0.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
from <Current directory>\$dpx$.tmp\1cd55fd3a5804d43a5f2fa06580a274a.tmp to <Current directory>\ucrtbase.dll
from <Current directory>\$dpx$.tmp\da3e4e78c50ab042864e3f9d1b99a4d4.tmp to <Current directory>\vcruntime140.dll

Network activity

UDP

DNS ASK lp##.beahh.com
DNS ASK lp##.abbny.com
DNS ASK lp##.haqo.net

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
'<SYSTEM32>\expand.exe' d.cab -f:* .

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней