Trojan.DownLoader33.8143

Technical Information

Modifies file system

Creates the following files

<Current directory>\d.cab
<Current directory>\$dpx$.tmp\1a21e85e8cc2744795ea4aed114d7425.tmp
<Current directory>\$dpx$.tmp\7a48e46c54247f4da6f5edad207fb32e.tmp
<Current directory>\$dpx$.tmp\53a99811e215c64597142f2e7bf72c03.tmp
<Current directory>\$dpx$.tmp\ed3e8564a07d414cab932c3dbb4cd667.tmp
<Current directory>\$dpx$.tmp\eae31f33869b8c4c873f9acd305118aa.tmp
<Current directory>\$dpx$.tmp\fe7ee063966de7438f4e47036b2bbe81.tmp
<Current directory>\$dpx$.tmp\e38dc783c88449408fabdc807a6b4683.tmp
<Current directory>\$dpx$.tmp\efa81c6c2f291e4a9a17fb535b370295.tmp
<Current directory>\$dpx$.tmp\4dfc172b6478c64fb8922718958969d1.tmp
<Current directory>\$dpx$.tmp\8e8612ed0efe3f42a94ae5b78b9dd1e1.tmp
<Current directory>\$dpx$.tmp\6d87fb2a2f12f144bf04ccaeeeaf4666.tmp
<Current directory>\$dpx$.tmp\e73d2171d5426d43a6d208b5bf2dc7ec.tmp
<Current directory>\$dpx$.tmp\5b8faac032dcba4bad9e5a287d3a4faa.tmp
<Current directory>\$dpx$.tmp\c019ce419e9a824fb7b0bb8c3c3ace97.tmp
<Current directory>\$dpx$.tmp\529775c23558de4f93bc0f9cf29e2a7d.tmp
<Current directory>\$dpx$.tmp\f615fb9b9ad96f45b73050539f9a8eff.tmp
<Current directory>\$dpx$.tmp\d9970a78c0218e4290b3a6a7c99bdc0e.tmp
<Current directory>\$dpx$.tmp\34fe75909de4bf469bca30f30c8f1e81.tmp
<Current directory>\$dpx$.tmp\0de0b4c6528b194096da55caac811f96.tmp
<Current directory>\$dpx$.tmp\a17529524591a44d9417bc5a8f39afb0.tmp
<Current directory>\$dpx$.tmp\d7b20341c434f847bdc150441255edcf.tmp
<Current directory>\$dpx$.tmp\49636ffcb0ea584882ac125afa3e2376.tmp
<Current directory>\$dpx$.tmp\f04ad86f0930104ba3d0dfbe02c06d74.tmp
<Current directory>\$dpx$.tmp\9317f52483ce56488a58a1329772300f.tmp
<Current directory>\$dpx$.tmp\4cdf563089550449a06e66ac6149593f.tmp
<Current directory>\$dpx$.tmp\9b5539aef8e3744d8725b752abcbae8d.tmp
<Current directory>\$dpx$.tmp\19b177679b7cf246ae9baf3617753949.tmp
<Current directory>\$dpx$.tmp\91ddaae9a1281043869bed35c8f59343.tmp
<Current directory>\$dpx$.tmp\619cbc486e8aac4c9b40202ee20e399d.tmp
<Current directory>\$dpx$.tmp\5f9703c4d31f234e8644559ef9aa5875.tmp
<Current directory>\$dpx$.tmp\ebacf69d8291594dad155d190bb9a0da.tmp
<Current directory>\$dpx$.tmp\82478dd2e1bd7b419badde25a97993ce.tmp
<Current directory>\$dpx$.tmp\d45f682b96fb7a44aa34d8f8e3ac5748.tmp
<Current directory>\$dpx$.tmp\6bdd0fb9fbd62040a292702677003ddf.tmp
<Current directory>\$dpx$.tmp\5c4d4712fc11fe4f8328a09bcbff9e01.tmp
<Current directory>\$dpx$.tmp\a5cb1cec9748764b81630d1b633f1449.tmp
<Current directory>\$dpx$.tmp\6e09b0b2245c834185d4866b5b46e5d9.tmp
<Current directory>\$dpx$.tmp\051cd65a5f813642916e7c0f2574bbd9.tmp
<Current directory>\$dpx$.tmp\510c3a14f1f93b42b6193af5fd5cca00.tmp
<Current directory>\$dpx$.tmp\2424c48e7f3cea4d89167d722e1e2022.tmp
<Current directory>\$dpx$.tmp\00d2fe0ff19f7242b8df874492315f2f.tmp
<Current directory>\$dpx$.tmp\47ce0ff1157ae24ab1613dd57a90a5c6.tmp
<Current directory>\$dpx$.tmp\146df3f3ec7f944ca742dc430e9cb0ac.tmp
<Current directory>\$dpx$.tmp\f7ee54cfe1ada949801febe4c1ac732c.tmp

Sets the 'hidden' attribute to the following files

<Current directory>\api-ms-win-core-console-l1-1-0.dll
<Current directory>\api-ms-win-crt-conio-l1-1-0.dll
<Current directory>\api-ms-win-crt-convert-l1-1-0.dll
<Current directory>\api-ms-win-crt-environment-l1-1-0.dll
<Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
<Current directory>\api-ms-win-crt-heap-l1-1-0.dll
<Current directory>\api-ms-win-crt-locale-l1-1-0.dll
<Current directory>\api-ms-win-crt-math-l1-1-0.dll
<Current directory>\api-ms-win-core-timezone-l1-1-0.dll
<Current directory>\api-ms-win-core-util-l1-1-0.dll
<Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
<Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
<Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
<Current directory>\api-ms-win-crt-string-l1-1-0.dll
<Current directory>\api-ms-win-crt-time-l1-1-0.dll
<Current directory>\api-ms-win-crt-utility-l1-1-0.dll
<Current directory>\msvcp140.dll
<Current directory>\opencl.dll
<Current directory>\api-ms-win-crt-private-l1-1-0.dll
<Current directory>\api-ms-win-crt-process-l1-1-0.dll
<Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
<Current directory>\api-ms-win-core-synch-l1-2-0.dll
<Current directory>\api-ms-win-core-synch-l1-1-0.dll
<Current directory>\api-ms-win-core-debug-l1-1-0.dll
<Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-2-0.dll
<Current directory>\api-ms-win-core-file-l2-1-0.dll
<Current directory>\api-ms-win-core-handle-l1-1-0.dll
<Current directory>\api-ms-win-core-heap-l1-1-0.dll
<Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
<Current directory>\api-ms-win-core-datetime-l1-1-0.dll
<Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
<Current directory>\api-ms-win-core-memory-l1-1-0.dll
<Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
<Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
<Current directory>\api-ms-win-core-profile-l1-1-0.dll
<Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
<Current directory>\api-ms-win-core-string-l1-1-0.dll
<Current directory>\api-ms-win-core-localization-l1-2-0.dll
<Current directory>\ucrtbase.dll
<Current directory>\vcruntime140.dll

Deletes the following files

<Current directory>\d.cab

Moves the following files

from <Current directory>\$dpx$.tmp\9317f52483ce56488a58a1329772300f.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
from <Current directory>\$dpx$.tmp\53a99811e215c64597142f2e7bf72c03.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\ed3e8564a07d414cab932c3dbb4cd667.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
from <Current directory>\$dpx$.tmp\eae31f33869b8c4c873f9acd305118aa.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\fe7ee063966de7438f4e47036b2bbe81.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
from <Current directory>\$dpx$.tmp\e38dc783c88449408fabdc807a6b4683.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\efa81c6c2f291e4a9a17fb535b370295.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4dfc172b6478c64fb8922718958969d1.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
from <Current directory>\$dpx$.tmp\1a21e85e8cc2744795ea4aed114d7425.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
from <Current directory>\$dpx$.tmp\7a48e46c54247f4da6f5edad207fb32e.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8e8612ed0efe3f42a94ae5b78b9dd1e1.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5b8faac032dcba4bad9e5a287d3a4faa.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\c019ce419e9a824fb7b0bb8c3c3ace97.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\529775c23558de4f93bc0f9cf29e2a7d.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\f615fb9b9ad96f45b73050539f9a8eff.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d9970a78c0218e4290b3a6a7c99bdc0e.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
from <Current directory>\$dpx$.tmp\34fe75909de4bf469bca30f30c8f1e81.tmp to <Current directory>\msvcp140.dll
from <Current directory>\$dpx$.tmp\0de0b4c6528b194096da55caac811f96.tmp to <Current directory>\opencl.dll
from <Current directory>\$dpx$.tmp\6d87fb2a2f12f144bf04ccaeeeaf4666.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
from <Current directory>\$dpx$.tmp\e73d2171d5426d43a6d208b5bf2dc7ec.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a17529524591a44d9417bc5a8f39afb0.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
from <Current directory>\$dpx$.tmp\49636ffcb0ea584882ac125afa3e2376.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
from <Current directory>\$dpx$.tmp\146df3f3ec7f944ca742dc430e9cb0ac.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9b5539aef8e3744d8725b752abcbae8d.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
from <Current directory>\$dpx$.tmp\19b177679b7cf246ae9baf3617753949.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
from <Current directory>\$dpx$.tmp\91ddaae9a1281043869bed35c8f59343.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
from <Current directory>\$dpx$.tmp\619cbc486e8aac4c9b40202ee20e399d.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
from <Current directory>\$dpx$.tmp\5f9703c4d31f234e8644559ef9aa5875.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
from <Current directory>\$dpx$.tmp\ebacf69d8291594dad155d190bb9a0da.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
from <Current directory>\$dpx$.tmp\82478dd2e1bd7b419badde25a97993ce.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d45f682b96fb7a44aa34d8f8e3ac5748.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4cdf563089550449a06e66ac6149593f.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6bdd0fb9fbd62040a292702677003ddf.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
from <Current directory>\$dpx$.tmp\a5cb1cec9748764b81630d1b633f1449.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6e09b0b2245c834185d4866b5b46e5d9.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
from <Current directory>\$dpx$.tmp\051cd65a5f813642916e7c0f2574bbd9.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\510c3a14f1f93b42b6193af5fd5cca00.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
from <Current directory>\$dpx$.tmp\2424c48e7f3cea4d89167d722e1e2022.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
from <Current directory>\$dpx$.tmp\00d2fe0ff19f7242b8df874492315f2f.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
from <Current directory>\$dpx$.tmp\47ce0ff1157ae24ab1613dd57a90a5c6.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
from <Current directory>\$dpx$.tmp\f04ad86f0930104ba3d0dfbe02c06d74.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5c4d4712fc11fe4f8328a09bcbff9e01.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
from <Current directory>\$dpx$.tmp\d7b20341c434f847bdc150441255edcf.tmp to <Current directory>\ucrtbase.dll
from <Current directory>\$dpx$.tmp\f7ee54cfe1ada949801febe4c1ac732c.tmp to <Current directory>\vcruntime140.dll

Network activity

Connects to

'lp##.haqo.net':443

TCP

'lp##.abbny.com':443

UDP

DNS ASK lp##.beahh.com
DNS ASK lp##.abbny.com
DNS ASK lp##.haqo.net

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
'<SYSTEM32>\expand.exe' d.cab -f:* .

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней