Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\KuGoo.KFS\Shell\Open\Command] '' = '"%PROGRAM_FILES%\KuGou\KuGou2011\KuGoo.exe" /ApplySkin "%1"'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo] 'CLSID' = '{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}'
- [<HKLM>\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo3] 'CLSID' = '{6AC4FBC7-AA38-45EC-9634-D6D20B679EFC}'
Вредоносные функции:
Создает и запускает на исполнение:
- '%PROGRAM_FILES%\KuGou\KuGou2011\KuGoo.exe' RegFileType
- '%PROGRAM_FILES%\KuGou\KuGou2011\KuGoo.exe' Import
- '%TEMP%\is-EQB51.tmp\<Имя вируса>.tmp' /SL5="$30130,8508496,334336,<Полный путь к вирусу>"
Запускает на исполнение:
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\KuGoo3DownXControl.ocx"
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-7T0P9.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-4OK22.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-H15MM.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-D3PTI.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-QSH5A.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-LU07I.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\Skins\Subject\is-M84NO.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-EGQ9N.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-PM64V.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-5K53N.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-U2FA0.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-MB5J6.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-JBNLT.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\DSPPlugins\is-68DFK.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-OPGQH.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-IJ1DB.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-AC4B4.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-Q3UGQ.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\ver.ini
- %PROGRAM_FILES%\KuGou\KuGou2011\Install.ini
- %PROGRAM_FILES%\KuGou\KuGou2011\unins000.dat
- %PROGRAM_FILES%\KuGou\KuGou2011\config.ini
- %PROGRAM_FILES%\KuGou\KuGou2011\LastStatus.dat
- \Device\Mup\BVNSEUHJ*\MAILSLOT\NET\NETLOGON
- %PROGRAM_FILES%\KuGou\KuGou2011\KuGoo.xml
- %PROGRAM_FILES%\KuGou\KuGou2011\KGData.db-journal
- %PROGRAM_FILES%\KuGou\KuGou2011\KGData.db
- %PROGRAM_FILES%\KuGou\KuGou2011\is-ITMRI.tmp
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\їб№·ТфАЦ\їб№·ТфАЦ2011\їб№·ТфАЦ2011.lnk
- %PROGRAM_FILES%\KuGou\KuGou2011\is-GLDP0.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-NKVGC.tmp
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\їб№·ТфАЦ\їб№·ТфАЦ2011\Р¶ФШїб№·ТфАЦ2011.lnk
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\їб№·ТфАЦ2011.lnk
- %APPDATA%\Roaming\Microsoft\Internet Explorer\Quick Launch\їб№·ТфАЦ2011.lnk
- %HOMEPATH%\Desktop\їб№·ТфАЦ2011.lnk
- C:\ProgramData\Microsoft\Windows\Start Menu\їб№·ТфАЦ2011.lnk
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-ELMST.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-19BQS.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-L4TKS.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-P14KH.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-ICSBH.tmp
- <SYSTEM32>\is-D5KP3.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-Q38F0.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-OOPMN.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-H66PF.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-UD0JG.tmp
- %TEMP%\is-77VJ6.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-77VJ6.tmp\isx.dll
- %TEMP%\is-EQB51.tmp\<Имя вируса>.tmp
- %TEMP%\is-77VJ6.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-77VJ6.tmp\Title.bmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-1N1JT.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-QBC2V.tmp
- %TEMP%\is-77VJ6.tmp\Highlight.txt
- %TEMP%\is-77VJ6.tmp\WhatsNew.txt
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-RN3R3.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-QTDVE.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\HotImages\is-NQNON.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-T2G63.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-BSFTD.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-FJCU8.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-A4NQG.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-55DSG.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-B7H68.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-8AEG2.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-45L72.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-3A9KF.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-IU1TH.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-A25TA.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-0LF7V.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-THR8N.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-J2CSM.tmp
- %PROGRAM_FILES%\KuGou\KuGou2011\is-1JPAR.tmp
Удаляет следующие файлы:
- %TEMP%\is-77VJ6.tmp\WhatsNew.txt
- %TEMP%\is-77VJ6.tmp\Title.bmp
- %TEMP%\is-77VJ6.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-EQB51.tmp\<Имя вируса>.tmp
- %TEMP%\is-77VJ6.tmp\_isetup\_shfoldr.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\KGData.db-journal
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\їб№·ТфАЦ2011.lnk
- %PROGRAM_FILES%\KuGou\KuGou2011\LastStatus.dat
- %TEMP%\is-77VJ6.tmp\isx.dll
- %TEMP%\is-77VJ6.tmp\Highlight.txt
Перемещает следующие файлы:
- %PROGRAM_FILES%\KuGou\KuGou2011\DSPPlugins\is-68DFK.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\DSPPlugins\dsp_DEE.DLL
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-U2FA0.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_mpc.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-5K53N.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_rm.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-OPGQH.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20100628194735144.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-Q3UGQ.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20100628191540898.png
- %PROGRAM_FILES%\KuGou\KuGou2011\is-AC4B4.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KGData.db
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-A4NQG.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_flac.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-FJCU8.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_dmo.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-B7H68.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_asf.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-JBNLT.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_ogg.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-MB5J6.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_mp4.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-ELMST.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_lame.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-IJ1DB.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20101103165555266.png
- %PROGRAM_FILES%\KuGou\KuGou2011\Skins\Subject\is-M84NO.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\Skins\Subject\Template.skn
- %PROGRAM_FILES%\KuGou\KuGou2011\is-LU07I.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\MPCVideoDec.ax
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-PM64V.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110323175900176.png
- %PROGRAM_FILES%\KuGou\KuGou2011\is-ITMRI.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\RunGame.exe
- %PROGRAM_FILES%\KuGou\KuGou2011\is-NKVGC.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KuGouMusic.ico
- %PROGRAM_FILES%\KuGou\KuGou2011\is-GLDP0.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\isx.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-7T0P9.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110228174604197.gif
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-D3PTI.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110224102604698.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-H15MM.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110221134045686.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-EGQ9N.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110311153319553.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-QSH5A.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110311152925448.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\is-4OK22.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AddIns\20110311152311829.png
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-55DSG.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_ape.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\is-UD0JG.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\login.wav
- %PROGRAM_FILES%\KuGou\KuGou2011\is-H66PF.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\Perfect.SVC
- <SYSTEM32>\is-D5KP3.tmp в <SYSTEM32>\KuGoo3DownXControl.ocx
- %PROGRAM_FILES%\KuGou\KuGou2011\is-3A9KF.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AppStore.ini
- %PROGRAM_FILES%\KuGou\KuGou2011\is-OOPMN.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\optionv5.inicfg
- %PROGRAM_FILES%\KuGou\KuGou2011\is-Q38F0.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\optionv5.ini
- %PROGRAM_FILES%\KuGou\KuGou2011\is-P14KH.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\MobileAssist.exe
- %PROGRAM_FILES%\KuGou\KuGou2011\is-QBC2V.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KuGoo.exe
- %PROGRAM_FILES%\KuGou\KuGou2011\is-1N1JT.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\unins000.exe
- %PROGRAM_FILES%\KuGou\KuGou2011\is-L4TKS.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KuGoo3DownXControl.ocx
- %PROGRAM_FILES%\KuGou\KuGou2011\is-19BQS.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\SkinRes.skn
- %PROGRAM_FILES%\KuGou\KuGou2011\is-ICSBH.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KGPlayer.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\is-IU1TH.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AppStore.inicfg
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-T2G63.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_aac.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\HotImages\is-NQNON.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\HotImages\kugou2010.jpg
- %PROGRAM_FILES%\KuGou\KuGou2011\is-THR8N.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\KGDaemon.exe
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-BSFTD.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_aiff.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-QTDVE.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_adpcm.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\is-RN3R3.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\AudioPlugins\kg_ac3dts.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\is-A25TA.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\TopSinger.bin
- %PROGRAM_FILES%\KuGou\KuGou2011\is-45L72.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\SingerList.bin
- %PROGRAM_FILES%\KuGou\KuGou2011\is-8AEG2.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\SingerRes.zip
- %PROGRAM_FILES%\KuGou\KuGou2011\is-0LF7V.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\msdmo.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\is-1JPAR.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\wmadmod.dll
- %PROGRAM_FILES%\KuGou\KuGou2011\is-J2CSM.tmp в %PROGRAM_FILES%\KuGou\KuGou2011\CrashReporter.exe
Сетевая активность:
UDP:
- DNS ASK so####at.kugou.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK in####l.kugou.com
- DNS ASK my####ne.kugou.com
- DNS ASK op#.#ugou.com
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
