Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'netsys.exe' = '%WINDIR%\netsys.exe'
Вредоносные функции:
Внедряет код в
следующие системные процессы:
- %WINDIR%\Explorer.EXE
Изменения в файловой системе:
Создает следующие файлы:
- %WINDIR%\netsys.exe
- %TEMP%\~ZY1.tmp
Сетевая активность:
Подключается к:
- '81.#04.8.81':4899
- '81.##4.10.90':4899
- '81.##4.198.28':4899
- '81.#04.8.80':4899
- '81.##4.138.148':4899
- '81.##4.148.221':4899
- '81.##4.40.18':4899
- '81.##4.91.212':4899
- '81.##4.146.44':4899
- '81.##4.191.71':4899
- '81.##4.46.198':4899
- '81.##4.99.215':4899
- '81.##4.33.177':4899
- '81.##4.138.1':4899
- '81.##4.218.242':4899
- '81.##4.145.190':4899
- '81.##4.44.219':4899
- '81.##4.252.1':4899
- '81.##4.20.49':4899
- '81.#04.9.61':4899
- '81.##4.210.73':4899
- '81.##4.177.167':4899
- '81.##4.23.233':4899
- '81.##4.45.235':4899
- '81.##4.121.238':4899
- '81.##4.43.170':4899
- '81.##4.113.85':4899
- '81.##4.117.126':4899
- '81.##4.131.14':4899
- '81.##4.236.124':4899
- '81.#04.39.4':4899
- '81.##4.27.63':4899
- '81.##4.94.136':4899
- '81.##4.230.190':4899
- '81.##4.46.179':4899
- '81.##4.41.88':4899
- '81.##4.23.164':4899
- '81.##4.175.112':4899
- '81.##4.159.111':4899
- '81.##4.18.119':4899
- '81.##4.89.222':4899
- '81.##4.80.99':4899
- '81.##4.40.72':4899
- '81.##4.34.83':4899
- '81.##4.129.116':4899
- '81.##4.160.128':4899
- '81.##4.63.69':4899
- '81.##4.95.254':4899
- '81.##4.36.226':4899
- '81.##4.47.185':4899
- '81.##4.133.215':4899
- '81.##4.84.134':4899
- '81.##4.197.224':4899
- '81.##4.92.115':4899
- '81.##4.211.155':4899
- '81.##4.158.62':4899
- '81.##4.45.32':4899
- '81.##4.158.136':4899
- '81.##4.238.111':4899
- '81.##4.121.113':4899
- '81.##4.133.3':4899
- '81.##4.160.190':4899
- '81.##4.243.98':4899
- '81.##4.151.82':4899
- '81.##4.200.133':4899
- '81.##4.99.157':4899
- '81.##4.225.24':4899
- '81.##4.169.141':4899
- '81.##4.203.180':4899
- '81.##4.92.249':4899
- '81.##4.226.173':4899
- '81.##4.146.226':4899
- '81.#04.63.1':4899
- '81.##4.42.202':4899
- '81.##4.147.171':4899
- '81.##4.8.137':4899
- '81.##4.144.153':4899
- '81.##4.242.127':4899
- '81.##4.122.166':4899
- '81.##4.43.173':4899
- '81.##4.215.47':4899
- '81.##4.249.162':4899
- '81.##4.22.112':4899
- '81.##4.23.98':4899
- '81.##4.42.237':4899
- '81.##4.41.194':4899
- '81.##4.98.244':4899
- '81.##4.116.204':4899
- '81.##4.99.253':4899
- '81.#04.8.1':4899
- '81.##4.39.193':4899
- '81.##4.129.248':4899
- '81.##4.89.140':4899
- '81.##4.37.106':4899
- '81.##4.244.186':4899
- '81.##4.213.88':4899
- '81.##4.185.190':4899
- '81.##4.216.8':4899
- '81.#04.8.38':4899
- '81.##4.36.150':4899
- '81.##4.113.169':4899
- '81.##4.98.251':4899
- '81.##4.45.236':4899
- '81.##4.40.12':4899
- '81.##4.8.108':4899
- '81.##4.19.22':4899
- '81.##4.116.248':4899
- '81.##4.195.166':4899
- '81.##4.10.239':4899
- '81.##4.32.152':4899
- '81.##4.236.115':4899
- '81.##4.238.139':4899
- '81.##4.113.8':4899
- 'ss###.dyndns.org':21000
- '81.##4.47.134':4899
- '81.##4.207.68':4899
- '81.##4.9.216':4899
- '81.##4.200.177':4899
- '81.##4.44.101':4899
- '81.##4.161.47':4899
- '81.##4.93.24':4899
- '81.##4.229.100':4899
UDP:
- DNS ASK ss###.dyndns.org
