Trojan.DownLoader33.8155

Technical Information

Modifies file system

Creates the following files

<Current directory>\d.cab
<Current directory>\$dpx$.tmp\27a92b68beefc74e881aab595b96b164.tmp
<Current directory>\$dpx$.tmp\333320adb050fc4cb56f6de884a9e283.tmp
<Current directory>\$dpx$.tmp\29a5584ff43ab74ba58085a18a30c8b8.tmp
<Current directory>\$dpx$.tmp\52be5495aa3b5f4f96190030ed1cf82c.tmp
<Current directory>\$dpx$.tmp\b289199618cb8543a8b528a87c9aa221.tmp
<Current directory>\$dpx$.tmp\9a7085512feffc4c9b0146d5964801a7.tmp
<Current directory>\$dpx$.tmp\47dc8ef9ed29284e8840bc0f928ae23c.tmp
<Current directory>\$dpx$.tmp\364817b2f4791e4c88852ab7f3509ad8.tmp
<Current directory>\$dpx$.tmp\d75580b841c310408b0005bbdf393498.tmp
<Current directory>\$dpx$.tmp\916fc7d1d60f82469c92039008bc966d.tmp
<Current directory>\$dpx$.tmp\6933cbea8073fc43be32b4173d8d7abc.tmp
<Current directory>\$dpx$.tmp\250cdb62f42f1847a7a3e8c30eb2e4ad.tmp
<Current directory>\$dpx$.tmp\143ba31d27a99f4ca7d4df690edfac40.tmp
<Current directory>\$dpx$.tmp\b4738c8098472c4d8cb84355a0151d87.tmp
<Current directory>\$dpx$.tmp\4c6e9e043501d14fb0d8289f78b21cec.tmp
<Current directory>\$dpx$.tmp\9dd41bcd27eb7244aa7434d7fe2f780d.tmp
<Current directory>\$dpx$.tmp\823a37f1c540574b96b8620d053fe8ad.tmp
<Current directory>\$dpx$.tmp\399be277dbf78143b0288c7f1dd894bd.tmp
<Current directory>\$dpx$.tmp\2d9f0620b4c6ee4b998b58e7a015603e.tmp
<Current directory>\$dpx$.tmp\98f8649073abb446876fa7c82f53cf21.tmp
<Current directory>\$dpx$.tmp\98d2b16c09611b459f306b19d59cbc8d.tmp
<Current directory>\$dpx$.tmp\2808a6c4ebc6524c8bd9be7b9d0447fc.tmp
<Current directory>\$dpx$.tmp\123e3d3c5ecdca4dbc2a2b0062606e08.tmp
<Current directory>\$dpx$.tmp\eaacfc20613ffe43acb7953bc137e7ac.tmp
<Current directory>\$dpx$.tmp\3dc77c2a8592b142a25653d2fcb9924e.tmp
<Current directory>\$dpx$.tmp\dff5e7df4ced3149b18be93cd7fad812.tmp
<Current directory>\$dpx$.tmp\cdbd4f6367e0404d99218876636a79d6.tmp
<Current directory>\$dpx$.tmp\ad0803e1da1fb64bbd8b8692fc4060dc.tmp
<Current directory>\$dpx$.tmp\3d2eda3cdf48fc4fb5bedd8ab658781e.tmp
<Current directory>\$dpx$.tmp\bca2ce300d9c5442b36f3ef8fe16fbdf.tmp
<Current directory>\$dpx$.tmp\2b95b6415d83984da38dfda62b1ff3dd.tmp
<Current directory>\$dpx$.tmp\62253a098c4e0f4b88bb77e68dff37f6.tmp
<Current directory>\$dpx$.tmp\08089a2b8a65e24b90135a91bc15d91b.tmp
<Current directory>\$dpx$.tmp\016d429252461848bb8b815425708dde.tmp
<Current directory>\$dpx$.tmp\5278e43911caa145800e5f36b5e1ba9c.tmp
<Current directory>\$dpx$.tmp\b3b1e792d5cbc7488e283f5d3b56cf7b.tmp
<Current directory>\$dpx$.tmp\ec74a7493f5fae408dfeb6794efda6ac.tmp
<Current directory>\$dpx$.tmp\5b296b7ffe42e04f8f24335db9bf6223.tmp
<Current directory>\$dpx$.tmp\7c5c754b7de4cc4bb6f0d373807dbee3.tmp
<Current directory>\$dpx$.tmp\16dbb128cb36254fadf42ce206c9b539.tmp
<Current directory>\$dpx$.tmp\9ca70cfaf5b21f4ba1bb58564a07d75e.tmp
<Current directory>\$dpx$.tmp\684434e94a90a14e8ab0e19b60d0f2b7.tmp
<Current directory>\$dpx$.tmp\4b53f1f60eb3554b847bc74586ae209d.tmp
<Current directory>\$dpx$.tmp\37e0766d585abb4ab10ff4c5756c6eb9.tmp

Sets the 'hidden' attribute to the following files

<Current directory>\api-ms-win-core-console-l1-1-0.dll
<Current directory>\api-ms-win-crt-conio-l1-1-0.dll
<Current directory>\api-ms-win-crt-convert-l1-1-0.dll
<Current directory>\api-ms-win-crt-environment-l1-1-0.dll
<Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
<Current directory>\api-ms-win-crt-heap-l1-1-0.dll
<Current directory>\api-ms-win-crt-locale-l1-1-0.dll
<Current directory>\api-ms-win-crt-math-l1-1-0.dll
<Current directory>\api-ms-win-core-timezone-l1-1-0.dll
<Current directory>\api-ms-win-core-util-l1-1-0.dll
<Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
<Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
<Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
<Current directory>\api-ms-win-crt-string-l1-1-0.dll
<Current directory>\api-ms-win-crt-time-l1-1-0.dll
<Current directory>\api-ms-win-crt-utility-l1-1-0.dll
<Current directory>\msvcp140.dll
<Current directory>\opencl.dll
<Current directory>\api-ms-win-crt-private-l1-1-0.dll
<Current directory>\api-ms-win-crt-process-l1-1-0.dll
<Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
<Current directory>\api-ms-win-core-synch-l1-2-0.dll
<Current directory>\api-ms-win-core-synch-l1-1-0.dll
<Current directory>\api-ms-win-core-debug-l1-1-0.dll
<Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-2-0.dll
<Current directory>\api-ms-win-core-file-l2-1-0.dll
<Current directory>\api-ms-win-core-handle-l1-1-0.dll
<Current directory>\api-ms-win-core-heap-l1-1-0.dll
<Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
<Current directory>\api-ms-win-core-datetime-l1-1-0.dll
<Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
<Current directory>\api-ms-win-core-memory-l1-1-0.dll
<Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
<Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
<Current directory>\api-ms-win-core-profile-l1-1-0.dll
<Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
<Current directory>\api-ms-win-core-string-l1-1-0.dll
<Current directory>\api-ms-win-core-localization-l1-2-0.dll
<Current directory>\ucrtbase.dll
<Current directory>\vcruntime140.dll

Deletes the following files

<Current directory>\d.cab

Moves the following files

from <Current directory>\$dpx$.tmp\eaacfc20613ffe43acb7953bc137e7ac.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
from <Current directory>\$dpx$.tmp\29a5584ff43ab74ba58085a18a30c8b8.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\52be5495aa3b5f4f96190030ed1cf82c.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b289199618cb8543a8b528a87c9aa221.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9a7085512feffc4c9b0146d5964801a7.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
from <Current directory>\$dpx$.tmp\47dc8ef9ed29284e8840bc0f928ae23c.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\364817b2f4791e4c88852ab7f3509ad8.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d75580b841c310408b0005bbdf393498.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
from <Current directory>\$dpx$.tmp\27a92b68beefc74e881aab595b96b164.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
from <Current directory>\$dpx$.tmp\333320adb050fc4cb56f6de884a9e283.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
from <Current directory>\$dpx$.tmp\916fc7d1d60f82469c92039008bc966d.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
from <Current directory>\$dpx$.tmp\143ba31d27a99f4ca7d4df690edfac40.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b4738c8098472c4d8cb84355a0151d87.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\4c6e9e043501d14fb0d8289f78b21cec.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\9dd41bcd27eb7244aa7434d7fe2f780d.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
from <Current directory>\$dpx$.tmp\823a37f1c540574b96b8620d053fe8ad.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
from <Current directory>\$dpx$.tmp\399be277dbf78143b0288c7f1dd894bd.tmp to <Current directory>\msvcp140.dll
from <Current directory>\$dpx$.tmp\2d9f0620b4c6ee4b998b58e7a015603e.tmp to <Current directory>\opencl.dll
from <Current directory>\$dpx$.tmp\6933cbea8073fc43be32b4173d8d7abc.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
from <Current directory>\$dpx$.tmp\250cdb62f42f1847a7a3e8c30eb2e4ad.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
from <Current directory>\$dpx$.tmp\98f8649073abb446876fa7c82f53cf21.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
from <Current directory>\$dpx$.tmp\2808a6c4ebc6524c8bd9be7b9d0447fc.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
from <Current directory>\$dpx$.tmp\4b53f1f60eb3554b847bc74586ae209d.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
from <Current directory>\$dpx$.tmp\dff5e7df4ced3149b18be93cd7fad812.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cdbd4f6367e0404d99218876636a79d6.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
from <Current directory>\$dpx$.tmp\ad0803e1da1fb64bbd8b8692fc4060dc.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
from <Current directory>\$dpx$.tmp\3d2eda3cdf48fc4fb5bedd8ab658781e.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
from <Current directory>\$dpx$.tmp\bca2ce300d9c5442b36f3ef8fe16fbdf.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
from <Current directory>\$dpx$.tmp\2b95b6415d83984da38dfda62b1ff3dd.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
from <Current directory>\$dpx$.tmp\62253a098c4e0f4b88bb77e68dff37f6.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\08089a2b8a65e24b90135a91bc15d91b.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
from <Current directory>\$dpx$.tmp\3dc77c2a8592b142a25653d2fcb9924e.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\016d429252461848bb8b815425708dde.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b3b1e792d5cbc7488e283f5d3b56cf7b.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
from <Current directory>\$dpx$.tmp\ec74a7493f5fae408dfeb6794efda6ac.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5b296b7ffe42e04f8f24335db9bf6223.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\7c5c754b7de4cc4bb6f0d373807dbee3.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
from <Current directory>\$dpx$.tmp\16dbb128cb36254fadf42ce206c9b539.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
from <Current directory>\$dpx$.tmp\9ca70cfaf5b21f4ba1bb58564a07d75e.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
from <Current directory>\$dpx$.tmp\684434e94a90a14e8ab0e19b60d0f2b7.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
from <Current directory>\$dpx$.tmp\123e3d3c5ecdca4dbc2a2b0062606e08.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\5278e43911caa145800e5f36b5e1ba9c.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
from <Current directory>\$dpx$.tmp\98d2b16c09611b459f306b19d59cbc8d.tmp to <Current directory>\ucrtbase.dll
from <Current directory>\$dpx$.tmp\37e0766d585abb4ab10ff4c5756c6eb9.tmp to <Current directory>\vcruntime140.dll

Network activity

TCP

'lp##.abbny.com':443

UDP

DNS ASK lp##.beahh.com
DNS ASK lp##.abbny.com
DNS ASK lp##.haqo.net

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
'<SYSTEM32>\expand.exe' d.cab -f:* .

Технології

Терміни

Навчання

Міфи

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней