Trojan.DownLoader33.7417

Technical Information

Modifies file system

Creates the following files

<Current directory>\d.cab
<Current directory>\$dpx$.tmp\d7d8088742915544bb2f3f5c9da2ecaf.tmp
<Current directory>\$dpx$.tmp\3f1c4db6e671a04496f27b13220cacd2.tmp
<Current directory>\$dpx$.tmp\d946725f3e0e6b46aaac68e73cac4cf2.tmp
<Current directory>\$dpx$.tmp\c98c1b19e171094384dae1b6b7578ebe.tmp
<Current directory>\$dpx$.tmp\d9372ac453d0b940b074fe75b670f685.tmp
<Current directory>\$dpx$.tmp\756e7253e740284dbb4b1c6d29564cf5.tmp
<Current directory>\$dpx$.tmp\8bc7bc23a326df42927e2e7729793000.tmp
<Current directory>\$dpx$.tmp\595c60476d3c21419c26014702e63474.tmp
<Current directory>\$dpx$.tmp\f3a60288a9c143458183388fe3b36209.tmp
<Current directory>\$dpx$.tmp\eb350e64dff5644aaa44980320450aff.tmp
<Current directory>\$dpx$.tmp\f48c8afdd369e64b8560d6be34ac37f4.tmp
<Current directory>\$dpx$.tmp\b4b23851ef3d754fb90633c337c5afde.tmp
<Current directory>\$dpx$.tmp\9fe35cb2c9d9e54e980b0353f338d2a2.tmp
<Current directory>\$dpx$.tmp\a04f8c7d8c8e574286bf30b811ee5b86.tmp
<Current directory>\$dpx$.tmp\6e0a2cddcc6d5f4fb18e03d5ce2f9c26.tmp
<Current directory>\$dpx$.tmp\98714752e6decf458425fa354e2934bb.tmp
<Current directory>\$dpx$.tmp\66cdfb0c41f64a478dda56d137a7e128.tmp
<Current directory>\$dpx$.tmp\a8bf4b4b6327dc4c9f977e594b3dd8a3.tmp
<Current directory>\$dpx$.tmp\5c03bbdc6d8b8d46a5b9f43f1f894c23.tmp
<Current directory>\$dpx$.tmp\db2ee74f6fb4534e8b1298549972e65b.tmp
<Current directory>\$dpx$.tmp\43b30f69fb353944a410462b94ac6637.tmp
<Current directory>\$dpx$.tmp\5699cdabee7d7d4f97e23202953f342e.tmp
<Current directory>\$dpx$.tmp\738eae7652d88c42bc3915755447fbaa.tmp
<Current directory>\$dpx$.tmp\e5048ec72d647549bbac50a68283180a.tmp
<Current directory>\$dpx$.tmp\69cfedc507f36a4eb78283a1f3913301.tmp
<Current directory>\$dpx$.tmp\b9b6ddf3c3e9914f9bcf64cba460626c.tmp
<Current directory>\$dpx$.tmp\15744d2e42edc345ace11a98398b307d.tmp
<Current directory>\$dpx$.tmp\30b97ed0b296c342aee89f9889539bf7.tmp
<Current directory>\$dpx$.tmp\06387dfebea7104387ff73a7186d28d9.tmp
<Current directory>\$dpx$.tmp\8b886b8a5fb7b84e8421dfbb3e00f784.tmp
<Current directory>\$dpx$.tmp\385d18e0f8791740a97151c792f211a8.tmp
<Current directory>\$dpx$.tmp\576086667e1ed94db62e2636da5bc21e.tmp
<Current directory>\$dpx$.tmp\70f75b4822cc054eb78e96aed28828ce.tmp
<Current directory>\$dpx$.tmp\79903db8625e624ab6083d92a5b46d76.tmp
<Current directory>\$dpx$.tmp\3174e16dbf67fe45802979422df86b89.tmp
<Current directory>\$dpx$.tmp\9cd8e89bb0980b4b88e0d51518bbfc61.tmp
<Current directory>\$dpx$.tmp\255d312bb070584186fcaa2a2d7f5b5b.tmp
<Current directory>\$dpx$.tmp\4a1c293f1b20634382e4985ee11b85eb.tmp
<Current directory>\$dpx$.tmp\9da7953c67b45d42a46276c040de8e0f.tmp
<Current directory>\$dpx$.tmp\cd4d44794f3a044687ea79824544d56f.tmp
<Current directory>\$dpx$.tmp\e2214c7c485fef41868385417871e0d0.tmp
<Current directory>\$dpx$.tmp\f37c79a63513cf4e829807fb6eeff1ad.tmp
<Current directory>\$dpx$.tmp\29ed12c2c788d145b6d09c13f343afc6.tmp
<Current directory>\$dpx$.tmp\5be554f4ad92e946aaaf95986efa3865.tmp

Sets the 'hidden' attribute to the following files

<Current directory>\api-ms-win-core-console-l1-1-0.dll
<Current directory>\api-ms-win-crt-conio-l1-1-0.dll
<Current directory>\api-ms-win-crt-convert-l1-1-0.dll
<Current directory>\api-ms-win-crt-environment-l1-1-0.dll
<Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
<Current directory>\api-ms-win-crt-heap-l1-1-0.dll
<Current directory>\api-ms-win-crt-locale-l1-1-0.dll
<Current directory>\api-ms-win-crt-math-l1-1-0.dll
<Current directory>\api-ms-win-core-timezone-l1-1-0.dll
<Current directory>\api-ms-win-core-util-l1-1-0.dll
<Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
<Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
<Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
<Current directory>\api-ms-win-crt-string-l1-1-0.dll
<Current directory>\api-ms-win-crt-time-l1-1-0.dll
<Current directory>\api-ms-win-crt-utility-l1-1-0.dll
<Current directory>\msvcp140.dll
<Current directory>\opencl.dll
<Current directory>\api-ms-win-crt-private-l1-1-0.dll
<Current directory>\api-ms-win-crt-process-l1-1-0.dll
<Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
<Current directory>\api-ms-win-core-synch-l1-2-0.dll
<Current directory>\api-ms-win-core-synch-l1-1-0.dll
<Current directory>\api-ms-win-core-debug-l1-1-0.dll
<Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-2-0.dll
<Current directory>\api-ms-win-core-file-l2-1-0.dll
<Current directory>\api-ms-win-core-handle-l1-1-0.dll
<Current directory>\api-ms-win-core-heap-l1-1-0.dll
<Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
<Current directory>\api-ms-win-core-datetime-l1-1-0.dll
<Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
<Current directory>\api-ms-win-core-memory-l1-1-0.dll
<Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
<Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
<Current directory>\api-ms-win-core-profile-l1-1-0.dll
<Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
<Current directory>\api-ms-win-core-string-l1-1-0.dll
<Current directory>\api-ms-win-core-localization-l1-2-0.dll
<Current directory>\ucrtbase.dll
<Current directory>\vcruntime140.dll

Deletes the following files

<Current directory>\d.cab

Moves the following files

from <Current directory>\$dpx$.tmp\e5048ec72d647549bbac50a68283180a.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d946725f3e0e6b46aaac68e73cac4cf2.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\c98c1b19e171094384dae1b6b7578ebe.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d9372ac453d0b940b074fe75b670f685.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\756e7253e740284dbb4b1c6d29564cf5.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8bc7bc23a326df42927e2e7729793000.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\595c60476d3c21419c26014702e63474.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
from <Current directory>\$dpx$.tmp\f3a60288a9c143458183388fe3b36209.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d7d8088742915544bb2f3f5c9da2ecaf.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
from <Current directory>\$dpx$.tmp\3f1c4db6e671a04496f27b13220cacd2.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
from <Current directory>\$dpx$.tmp\eb350e64dff5644aaa44980320450aff.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9fe35cb2c9d9e54e980b0353f338d2a2.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a04f8c7d8c8e574286bf30b811ee5b86.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6e0a2cddcc6d5f4fb18e03d5ce2f9c26.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\98714752e6decf458425fa354e2934bb.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
from <Current directory>\$dpx$.tmp\66cdfb0c41f64a478dda56d137a7e128.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a8bf4b4b6327dc4c9f977e594b3dd8a3.tmp to <Current directory>\msvcp140.dll
from <Current directory>\$dpx$.tmp\5c03bbdc6d8b8d46a5b9f43f1f894c23.tmp to <Current directory>\opencl.dll
from <Current directory>\$dpx$.tmp\f48c8afdd369e64b8560d6be34ac37f4.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b4b23851ef3d754fb90633c337c5afde.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
from <Current directory>\$dpx$.tmp\db2ee74f6fb4534e8b1298549972e65b.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5699cdabee7d7d4f97e23202953f342e.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
from <Current directory>\$dpx$.tmp\29ed12c2c788d145b6d09c13f343afc6.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b9b6ddf3c3e9914f9bcf64cba460626c.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
from <Current directory>\$dpx$.tmp\15744d2e42edc345ace11a98398b307d.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
from <Current directory>\$dpx$.tmp\30b97ed0b296c342aee89f9889539bf7.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
from <Current directory>\$dpx$.tmp\06387dfebea7104387ff73a7186d28d9.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
from <Current directory>\$dpx$.tmp\8b886b8a5fb7b84e8421dfbb3e00f784.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
from <Current directory>\$dpx$.tmp\385d18e0f8791740a97151c792f211a8.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
from <Current directory>\$dpx$.tmp\576086667e1ed94db62e2636da5bc21e.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\70f75b4822cc054eb78e96aed28828ce.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
from <Current directory>\$dpx$.tmp\69cfedc507f36a4eb78283a1f3913301.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\79903db8625e624ab6083d92a5b46d76.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9cd8e89bb0980b4b88e0d51518bbfc61.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
from <Current directory>\$dpx$.tmp\255d312bb070584186fcaa2a2d7f5b5b.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4a1c293f1b20634382e4985ee11b85eb.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9da7953c67b45d42a46276c040de8e0f.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cd4d44794f3a044687ea79824544d56f.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
from <Current directory>\$dpx$.tmp\e2214c7c485fef41868385417871e0d0.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
from <Current directory>\$dpx$.tmp\f37c79a63513cf4e829807fb6eeff1ad.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
from <Current directory>\$dpx$.tmp\738eae7652d88c42bc3915755447fbaa.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\3174e16dbf67fe45802979422df86b89.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
from <Current directory>\$dpx$.tmp\43b30f69fb353944a410462b94ac6637.tmp to <Current directory>\ucrtbase.dll
from <Current directory>\$dpx$.tmp\5be554f4ad92e946aaaf95986efa3865.tmp to <Current directory>\vcruntime140.dll

Network activity

Connects to

'lp##.beahh.com':443
'lp##.haqo.net':443

TCP

'lp##.abbny.com':443

UDP

DNS ASK lp##.beahh.com
DNS ASK lp##.abbny.com
DNS ASK lp##.haqo.net

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
'<SYSTEM32>\expand.exe' d.cab -f:* .

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней