Trojan.DownLoader10.9361

Добавлен в вирусную базу Dr.Web: 2013-08-25

Описание добавлено: 2013-08-26

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Google Update ‮❤' = '"<LS_APPDATA>\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\GoogleUpdate.exe" >'

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\‮etadpug] 'ImagePath' = '"%PROGRAM_FILES%\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\ \ \‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\GoogleUpdate.exe" <'
[<HKLM>\SYSTEM\ControlSet001\Services\‮etadpug] 'Start' = '00000002'

Вредоносные функции:

Внедряет код в

следующие системные процессы:

<SYSTEM32>\cmd.exe
<SYSTEM32>\services.exe

Изменения в файловой системе:

Создает следующие файлы:

%PROGRAM_FILES%\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\ \ \‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\GoogleUpdate.exe
%PROGRAM_FILES%\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\ \ \‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\@
<LS_APPDATA>\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\GoogleUpdate.exe
<LS_APPDATA>\Google\Desktop\Install\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{2ebe1c2e-2a38-cb36-436c-4d1cb8c2630c}\@

Самоудаляется.

Сетевая активность:

Подключается к:

'j.###mind.com':80

TCP:

Запросы HTTP GET:

j.###mind.com/app/geoip.js

UDP:

DNS ASK qz#Qi.
DNS ASK qz#�z]
DNS ASK qz#�g�
DNS ASK qz#qo�)
DNS ASK qz#2>ɩ
DNS ASK qz#J0�
DNS ASK qz#!۠
DNS ASK qz#�lo
DNS ASK j.###mind.com
DNS ASK qz#�Y
DNS ASK qz#B� �
DNS ASK qz#b��
'72.##3.103.99':16464
'88.##.117.113':16464
'74.##.163.109':16464
'69.#7.82.59':16464
'11#.#7.211.88':16464
'71.##3.98.104':16464
'70.#.19.105':16464
'89.##0.111.41':16464
'21#.#9.32.20':16464
'11#.#63.221.1':16464
'46.##.57.115':16464
'11#.#7.91.194':16464
'12#.#3.71.60':16464
'90.##2.108.60':16464
'86.##2.225.72':16464
'66.##.202.54':16464
'88.##1.146.7':16464
'24.##4.88.111':16464
'79.##4.28.94':16464
'19#.#8.10.72':16464
'11#.#9.170.113':16464
'11#.#87.35.189':16464
'22#.#41.78.102':16464
'19#.#8.140.102':16464
'77.##6.36.200':16464
'81.##1.33.104':16464
'84.##5.152.85':16464
'79.##2.136.249':16464
'24.#.205.15':16464
'21#.#70.128.17':16464
'11#.#76.27.14':16464
'12#.#38.122.15':16464
'5.##.84.249':16464
'79.##9.165.17':16464
'61.#.226.21':16464
'67.##9.32.245':16464
'24.#0.7.19':16464
'21#.#40.199.6':16464
'18#.#3.229.25':16464
'10#.#40.249.21':16464
'5.##.97.247':16464
'77.##5.225.18':16464
'74.##.178.46':16464
'11#.#12.150.46':16464
'96.##.38.253':16464
'18#.#4.85.54':16464
'86.##2.232.47':16464
'82.##0.170.37':16464
'71.##9.218.37':16464
'88.##9.119.14':16464
'76.##9.72.121':16464
'12#.#0.50.44':16464
'16#.#28.105.42':16464
'68.##2.77.42':16464
'69.##3.11.49':16464
'24.#3.83.18':16464
'78.##.230.28':16464
'99.#2.166.8':16464
'67.##4.131.19':16464
'11#.#19.98.243':16464
'68.##.16.245':16464
'24.##8.45.245':16464
'17#.#23.197.251':16464
'5.##.119.243':16464
'2.##.175.246':16464
'96.##.51.163':16464
'79.##1.109.25':16464
'21#.#8.251.249':16464
'83.#6.87.4':16464
'24.##6.221.13':16464
'12#.#38.232.12':16464
'98.##9.183.10':16464
'71.#38.72.5':16464
'24.##2.186.3':16464
'19#.#27.0.14':16464
'18#.#7.144.6':16464
'18#.#92.4.243':16464
'17#.#2.138.17':16464
'98.##7.103.252':16464
'70.#4.206.5':16464
'79.#5.140.9':16464
'94.##6.49.12':16464
'95.##.94.137':16464
'71.##4.110.162':16464
'18#.#5.218.127':16464
'27.#51.64.4':16464
'19#.#91.249.146':16464
'5.##.121.137':16464
'95.##.100.171':16464
'11#.#6.170.30':16464
'89.##5.95.140':16464
'17#.#08.78.50':16464
'71.##.246.247':16464
'14.#6.2.242':16464
'20#.#6.198.30':16464
'18#.#4.239.2':16464
'21#.#5.2.246':16464
'12#.#13.80.250':16464
'66.##5.88.243':16464
'66.##.88.248':16464
'22#.#29.32.246':16464
'75.##2.216.252':16464
'80.##7.231.244':16464
'75.##1.37.250':16464
'14.##8.30.245':16464
'67.##7.151.133':16464
'11#.#0.173.247':16464
'78.##.30.247':16464
'12#.#52.227.250':16464
'18#.#61.75.26':16464
'16#.#54.253.254':16464
'18#.#54.253.254':16464
'19#.#54.253.254':16464
'23#.#54.253.254':16464
'13#.#54.253.254':16464
'15#.#54.253.254':16464
'20#.#54.253.254':16464
'17#.#9.48.57':16464
'18#.#9.60.40':16464
'87.##7.96.38':16464
'22#.#54.253.254':16464
'11#.#54.253.254':16464
'11#.#41.210.52':16464
'5.##.86.126':16464
'84.#.107.68':16464
'50.##5.123.68':16464
'86.##2.234.137':16464
'74.##1.154.67':16464
'10#.#2.66.137':16464
'96.##.252.86':16464
'11#.#7.102.113':16464
'20#.#99.227.103':16464
'72.##5.40.119':16464
'21#.#50.127.56':16464
'17#.#4.117.134':16464
'49.#.193.75':16464
'12#.#5.89.111':16464
'11#.#3.49.90':16464
'18#.#7.166.94':16464
'10#.#02.186.102':16464
'84.##6.14.87':16464
'46.#0.96.88':16464
'36.##4.126.89':16464
'17#.#8.49.111':16464
'20#.#5.91.126':16464
'17#.#76.177.119':16464
'89.##9.69.120':16464
'98.##.245.111':16464
'14#.#62.87.112':16464
'5.###.181.115':16464
'96.#1.56.85':16464
'95.##.202.120':16464
'5.##.168.64':16464
'74.##.107.28':16464
'21#.#0.27.59':16464
'78.##5.106.62':16464
'49.##0.203.62':16464
'75.##4.171.74':16464
'82.#43.94.4':16464
'78.##9.43.168':16464
'71.##.237.82':16464
'95.##.197.77':16464
'87.##2.173.82':16464
'13#.#8.160.10':16464
'11#.#79.243.58':16464
'21#.#20.74.14':16464
'27.##.208.51':16464
'77.#0.41.48':16464
'88.##.103.30':16464
'14#.106.5.3':16464
'67.##7.170.6':16464
'76.##3.112.46':16464
'66.##7.94.30':16464
'71.#35.3.26':16464
'50.##1.132.161':16464
'18#.#20.19.39':16464
'79.##2.201.38':16464
'11#.#11.215.21':16464
'24.##.139.84':16464
'94.##.36.136':16464
'64.##.138.163':16464
'10#.#02.138.40':16464
'98.##.72.163':16464
'17#.#08.102.57':16464
'72.##6.97.157':16464
'70.##.116.152':16464
'12#.#23.122.123':16464
'81.##2.31.141':16464
'18#.#3.75.56':16464
'83.#.243.139':16464
'11#.#61.162.101':16464
'19#.#6.101.47':16464
'18#.#30.192.30':16464
'18#.#4.18.33':16464
'98.##2.221.33':16464
'11#.#92.249.20':16464
'69.##8.159.67':16464
'84.##.170.57':16464
'68.##5.242.36':16464
'91.##.207.177':16464
'11#.#46.65.2':16464
'68.##9.112.104':16464
'76.#0.56.89':16464
'12#.#.101.53':16464
'19#.#18.241.184':16464
'17#.#17.169.21':16464
'67.##0.129.7':16464
'76.#7.32.6':16464
'11#.#68.122.1':16464
'12#.#15.165.215':16464
'86.##2.145.68':16464
'11#.#3.132.203':16464
'11#.#65.195.51':16464
'5.##.179.25':16464
'17#.#22.49.75':16464
'67.##8.204.41':16464
'71.##5.106.45':16464
'46.##.109.74':16464
'17#.50.9.32':16464

Другое:

Ищет следующие окна:

ClassName: 'Indicator' WindowName: '(null)'

Технології

Терміни

Навчання

Міфи

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней