Техническая информация
Для обеспечения автозапуска и распространения:
Создает или изменяет следующие файлы:
- %WINDIR%\Tasks\SA.DAT
Создает следующие сервисы:
- [<HKLM>\SYSTEM\ControlSet001\Services\MSWindows] 'Start' = '00000002'
Вредоносные функции:
Создает и запускает на исполнение:
- '<SYSTEM32>\urdvxc.exe' /service
- '<SYSTEM32>\urdvxc.exe' /uninstallservice patch:<Полный путь к вирусу>
- '<SYSTEM32>\urdvxc.exe' /installservice
- '<SYSTEM32>\urdvxc.exe' /start
Запускает на исполнение:
- '<SYSTEM32>\svchost.exe' -k netsvcs
- '<SYSTEM32>\dumprep.exe' 1124 -dm 7 7 %TEMP%\WER579c.dir00\svchost.exe.mdmp 16325836412032408
Изменения в файловой системе:
Создает следующие файлы:
- %CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
- %TEMP%\WER579c.dir00\svchost.exe.mdmp
- <SYSTEM32>\urdvxc.exe
Самоудаляется.
Сетевая активность:
Подключается к:
- '13#.#38.137.28':139
- '13#.#38.21.137':139
- '13#.#38.146.11':139
- '13#.#38.0.216':139
- '13#.#38.78.95':139
- '13#.#38.88.11':139
- '13#.#38.185.21':139
- '13#.#38.22.185':139
- '13#.#38.133.57':139
- '13#.#38.175.132':139
- '13#.#38.15.233':139
- '13#.#38.74.52':139
- '13#.#38.127.132':139
- '13#.#38.127.132':445
- '13#.#38.73.53':139
- '13#.#38.4.21':139
- '13#.#38.0.104':139
- '13#.#38.11.55':139
- '13#.#38.1.153':139
- '13#.#38.72.80':139
- '13#.#38.187.241':139
- '13#.#38.199.244':445
- '13#.#38.199.244':139
- '13#.#38.241.37':139
- '13#.#38.21.254':139
- '13#.#38.235.207':139
- '13#.#38.167.207':139
- '13#.#38.140.167':139
- '13#.#38.159.190':139
- '13#.#38.206.159':139
- '13#.#38.102.82':139
- '13#.#38.184.230':139
- '13#.#38.92.168':139
- '14.##.146.71':139
- '14.##.82.146':139
- '14.#0.71.4':139
- '14.#0.4.254':139
- '13#.#38.212.3':139
- '13#.#38.144.14':139
- '13#.#38.16.185':445
- '13#.#38.170.226':445
- '14.##.95.110':139
- '14.##.123.59':139
- '14.##.189.123':139
- '14.#0.58.95':139
- '14.##.167.38':139
- '14.##.254.67':139
- '14.#0.101.9':139
- '14.##.191.225':139
- '13#.#38.110.131':139
- '13#.#38.130.15':139
- '13#.#38.88.45':139
- '13#.#38.1.212':139
- '13#.#38.244.248':139
- '13#.#38.46.142':139
- '13#.#38.225.29':139
- '13#.#38.40.225':139
- '13#.#38.170.226':139
- '13#.#38.114.78':139
- '13#.#38.114.78':445
- '13#.#38.218.32':139
- '13#.#38.158.241':139
- '13#.#38.12.194':139
- '13#.#38.16.185':139
- '13#.#38.75.44':139
- '13#.#38.17.247':139
- '13#.#38.129.137':139
- '13#.#38.3.247':139
- '13#.#38.76.65':139
- '13#.#38.72.8':139
- '13#.#38.66.28':139
- '13#.#38.129.137':445
- '13#.#38.55.104':139
- '13#.#38.187.241':445
- '13#.#38.110.188':139
- '13#.#38.11.55':445
- '13#.#38.241.37':445
- '13#.#38.31.24':445
- '13#.#38.7.57':445
- '13#.#38.31.24':139
- '13#.#38.7.57':139
- '13#.#38.77.198':139
- '13#.#38.3.32':139
- '13#.#38.217.73':139
- '13#.#38.42.100':139
- '13#.#38.189.201':139
- '13#.#38.104.203':139
- '13#.#38.76.167':139
- '13#.#38.104.14':139
- '13#.#38.188.126':139
- '13#.#38.17.119':139
- '13#.#38.46.182':139
- '13#.#38.147.206':139
- '13#.#38.85.130':139
- '13#.#38.7.246':139
- '13#.#38.96.239':139
- '13#.#38.233.182':139
- '13#.#38.0.104':445
- '13#.#38.40.225':445
- '13#.#38.92.168':445
- '13#.#38.46.142':445
- '13#.#38.130.15':445
- '13#.#38.146.11':445
- '13#.#38.133.57':445
- '13#.#38.15.233':445
- '13#.#38.0.216':445
- '13#.#38.218.32':445
- '13#.#38.12.194':445
- '13#.#38.144.14':445
- '13#.#38.212.3':445
- '13#.#38.110.131':445
- '13#.#38.225.29':445
- '13#.#38.88.45':445
- '13#.#38.1.212':445
- '13#.#38.159.190':445
- '13#.#38.235.207':445
- '13#.#38.72.80':445
- '13#.#38.1.153':445
- '13#.#38.102.82':445
- '13#.#38.140.167':445
- '13#.#38.184.230':445
- '13#.#38.206.159':445
- '13#.#38.4.21':445
- '13#.#38.185.21':445
- '13#.#38.137.28':445
- '13#.#38.175.132':445
- '13#.#38.21.254':445
- '13#.#38.22.185':445
- '13#.#38.78.95':445
- '13#.#38.167.207':445
- '14.##.14.238':445
- '14.##.117.144':139
- '14.#0.39.53':139
- '14.##.206.139':139
- '14.##.228.200':139
- '14.#0.56.14':139
- '14.##.201.42':139
- '14.##.248.46':139
- '14.##.14.156':139
- '14.##.31.244':139
- '14.##.217.159':139
- '14.#0.81.76':139
- '14.##.232.109':139
- '14.##.186.36':139
- '14.##.223.41':139
- '14.##.69.237':139
- '14.#0.36.70':139
- '14.##.101.196':445
- '14.##.185.47':445
- '14.#0.47.10':445
- '14.##.170.49':445
- '14.##.151.145':445
- '14.##.143.151':445
- '14.#0.6.223':445
- '14.#0.200.9':445
- '14.#0.16.11':445
- '14.##.22.163':445
- '14.##.203.145':139
- '14.##.159.242':139
- '14.##.179.145':445
- '14.##.87.195':445
- '14.##.21.113':445
- '14.#0.60.40':445
- '14.##.192.162':139
- '14.#0.6.223':139
- '14.#0.200.9':139
- '14.##.185.47':139
- '14.##.101.196':139
- '14.##.166.45':139
- '14.##.248.225':139
- '14.##.151.145':139
- '14.##.143.151':139
- '14.#0.16.11':139
- '14.##.21.113':139
- '14.##.22.163':139
- '14.##.179.145':139
- '14.#0.47.10':139
- '14.##.170.49':139
- '14.#0.60.40':139
- '14.##.87.195':139
- '14.#0.79.66':139
- '14.##.199.16':139
- '14.#0.88.53':139
- '14.#0.33.87':139
- '14.##.233.30':139
- '14.#0.154.2':139
- '14.##.197.43':139
- '14.#0.80.29':139
- '14.##.170.236':139
- '14.##.78.107':139
- '14.##.230.51':139
- '14.##.11.222':139
- '14.##.115.77':139
- '14.##.127.225':139
- '14.##.195.194':139
- '14.##.232.21':139
- '14.##.179.145':9988
- '14.#0.6.223':9988
- '14.#0.200.9':9988
- '14.##.87.195':9988
- '14.#0.60.40':9988
- '14.##.11.222':9988
- '14.##.185.47':9988
- '14.#0.16.11':9988
- '14.##.203.145':445
- '14.##.159.242':445
- '14.#0.56.14':445
- '14.##.201.42':445
- '14.##.166.45':9988
- '14.##.143.151':9988
- '14.##.22.163':9988
- '14.##.21.113':9988
- '14.##.217.159':9988
- '14.##.195.194':9988
- '14.##.117.144':9988
- '14.##.186.36':9988
- '14.#0.80.40':139
- '14.##.14.238':139
- '14.#0.222.4':139
- '14.##.28.133':139
- '14.##.206.139':9988
- '14.##.248.225':9988
- '14.##.78.107':9988
- '14.#0.80.29':9988
- '14.#0.33.87':9988
- '14.#0.36.70':9988
- '14.#0.88.53':9988
- '14.##.127.225':9988
- '14.##.14.156':445
- '14.#0.88.53':445
- '14.##.197.43':445
- '14.##.232.21':445
- '14.##.127.225':445
- '14.#0.33.87':445
- '14.##.233.30':445
- '14.#0.80.29':445
- '14.##.199.16':445
- '14.##.248.225':445
- '14.##.230.51':445
- '14.##.166.45':445
- '14.##.11.222':445
- '14.##.115.77':445
- '14.##.195.194':445
- '14.##.170.236':445
- '14.##.78.107':445
- '14.#0.36.70':445
- '14.##.117.144':445
- '14.##.186.36':445
- '14.##.232.109':445
- '14.##.206.139':445
- '14.#0.39.53':445
- '14.##.223.41':445
- '14.##.248.46':445
- '14.#0.81.76':445
- '14.##.192.162':445
- '14.#0.79.66':445
- '14.#0.154.2':445
- '14.##.228.200':445
- '14.##.69.237':445
- '14.##.31.244':445
- '14.##.217.159':445
