Техническая информация
Записи автозапуска (ключи реестра Run и каталог автозагрузки Startup):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'z1uhsaknda' = '"%APPDATA%\z1uhsaknda.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Start Menu\Programs\Startup\filename.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Update' = '%HOMEPATH%\Start Menu\Programs\Startup\filename.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\z1uhsaknda.vbs
- <Полный путь к вирусу>
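Командные строки запуска (штатные утилиты .NET Framework RegAsm.exe и InstallUtil.exe получают в качестве аргумента путь к файлу из %APPDATA% или каталога автозагрузки, что само по себе является признаком для обнаружения):
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe' "%APPDATA%\z1uhsaknda.exe" kCt6EvNfYp wI7Fe1GIOK
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe' "%HOMEPATH%\Start Menu\Programs\Startup\filename.exe"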
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- %APPDATA%\z1uhsaknda.exe
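Сетевая активность (символами # в адресах замаскирована часть знаков; запросы wpad, как правило, связаны с автоматическим обнаружением прокси в системе и могут не относиться к самой программе):
- '18#.#17.75.178':80
- 'my####rnalip.com':80
- 'wp#d':80
- http://my####rnalip.com/raw
- http://11#.#11.111.1/wpad.dat via wp#d
- http://18#.#17.75.178/gate.php
- DNS ASK my####rnalip.com
- DNS ASK wp#d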
- ClassName: 'Indicator' WindowName: ''