Техническая информация
Вредоносные функции:
Запускает на исполнение:
- '<SYSTEM32>\regsvr32.exe' /s xactengine2_10.dll
- '<SYSTEM32>\regsvr32.exe' /s xactengine2_2.dll
- '<SYSTEM32>\regsvr32.exe' /s xactengine2_1.dll
- '%APPDATA%\Setup.exe' /S
- '<SYSTEM32>\regsvr32.exe' /s xactengine2_0.dll
Регистрирует COM-сервер:
- [<HKLM>\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32] '' = '<SYSTEM32>\xactengine2_10.dll'
- [<HKLM>\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32] '' = '<SYSTEM32>\xactengine2_2.dll'
- [<HKLM>\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81}\InProcServer32] '' = '<SYSTEM32>\xactengine2_0.dll'
- [<HKLM>\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32] '' = '<SYSTEM32>\xactengine2_1.dll'
Изменения в файловой системе:
Создает следующие файлы:
- <SYSTEM32>\d3dx10_36.dll
- <SYSTEM32>\d3dx10_35.dll
- <SYSTEM32>\d3dx10_37.dll
- <SYSTEM32>\d3dx10_39.dll
- <SYSTEM32>\d3dx10_38.dll
- <SYSTEM32>\d3dcsx_43.dll
- <SYSTEM32>\d3dcsx_42.dll
- <SYSTEM32>\d3dx10.dll
- <SYSTEM32>\d3dx10_34.dll
- <SYSTEM32>\d3dx10_33.dll
- <SYSTEM32>\d3dx9_24.dll
- <SYSTEM32>\d3dx11_43.dll
- <SYSTEM32>\d3dx9_25.dll
- <SYSTEM32>\d3dx9_27.dll
- <SYSTEM32>\d3dx9_26.dll
- <SYSTEM32>\d3dx10_41.dll
- <SYSTEM32>\d3dx10_40.dll
- <SYSTEM32>\d3dx10_42.dll
- <SYSTEM32>\d3dx11_42.dll
- <SYSTEM32>\d3dx10_43.dll
- <SYSTEM32>\d3dcompiler_36.dll
- <SYSTEM32>\XAPOFX1_3.dll
- <SYSTEM32>\XAPOFX1_2.dll
- <SYSTEM32>\XAPOFX1_4.dll
- <SYSTEM32>\XAudio2_0.dll
- <SYSTEM32>\XAPOFX1_5.dll
- <SYSTEM32>\X3DAudio1_6.dll
- <SYSTEM32>\X3DAudio1_5.dll
- <SYSTEM32>\X3DAudio1_7.dll
- <SYSTEM32>\XAPOFX1_1.dll
- <SYSTEM32>\XAPOFX1_0.dll
- <SYSTEM32>\XAudio2_7.dll
- <SYSTEM32>\XAudio2_6.dll
- <SYSTEM32>\d3dcompiler_33.dll
- <SYSTEM32>\d3dcompiler_35.dll
- <SYSTEM32>\d3dcompiler_34.dll
- <SYSTEM32>\XAudio2_2.dll
- <SYSTEM32>\XAudio2_1.dll
- <SYSTEM32>\XAudio2_3.dll
- <SYSTEM32>\XAudio2_5.dll
- <SYSTEM32>\XAudio2_4.dll
- <SYSTEM32>\d3dx9_28.dll
- <SYSTEM32>\xactengine2_8.dll
- <SYSTEM32>\xactengine2_7.dll
- <SYSTEM32>\xactengine2_9.dll
- <SYSTEM32>\xactengine3_1.dll
- <SYSTEM32>\xactengine3_0.dll
- <SYSTEM32>\xactengine2_3.dll
- <SYSTEM32>\xactengine2_2.dll
- <SYSTEM32>\xactengine2_4.dll
- <SYSTEM32>\xactengine2_6.dll
- <SYSTEM32>\xactengine2_5.dll
- <SYSTEM32>\xinput1_1.dll
- <SYSTEM32>\xactengine3_7.dll
- <SYSTEM32>\xinput1_2.dll
- <SYSTEM32>\xinput9_1_0.dll
- <SYSTEM32>\xinput1_3.dll
- <SYSTEM32>\xactengine3_3.dll
- <SYSTEM32>\xactengine3_2.dll
- <SYSTEM32>\xactengine3_4.dll
- <SYSTEM32>\xactengine3_6.dll
- <SYSTEM32>\xactengine3_5.dll
- <SYSTEM32>\xactengine2_10.dll
- <SYSTEM32>\d3dx9_35.dll
- <SYSTEM32>\d3dx9_34.dll
- <SYSTEM32>\d3dx9_36.dll
- <SYSTEM32>\d3dx9_38.dll
- <SYSTEM32>\d3dx9_37.dll
- <SYSTEM32>\d3dx9_30.dll
- <SYSTEM32>\d3dx9_29.dll
- <SYSTEM32>\d3dx9_31.dll
- <SYSTEM32>\d3dx9_33.dll
- <SYSTEM32>\d3dx9_32.dll
- <SYSTEM32>\x3daudio1_1.dll
- <SYSTEM32>\x3daudio1_0.dll
- <SYSTEM32>\x3daudio1_2.dll
- <SYSTEM32>\xactengine2_1.dll
- <SYSTEM32>\xactengine2_0.dll
- <SYSTEM32>\d3dx9_40.dll
- <SYSTEM32>\d3dx9_39.dll
- <SYSTEM32>\d3dx9_41.dll
- <SYSTEM32>\d3dx9_43.dll
- <SYSTEM32>\d3dx9_42.dll
- <SYSTEM32>\X3DAudio1_4.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.xml
- %APPDATA%\Setup.exe
- %TEMP%\aut1.tmp
- %TEMP%\nsi3.tmp
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.xml
- %WINDIR%\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini
- <SYSTEM32>\D3DCompiler_41.dll
- <SYSTEM32>\D3DCompiler_40.dll
- <SYSTEM32>\D3DCompiler_42.dll
- <SYSTEM32>\X3DAudio1_3.dll
- <SYSTEM32>\D3DCompiler_43.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- <SYSTEM32>\D3DCompiler_37.dll
- <SYSTEM32>\D3DCompiler_39.dll
- <SYSTEM32>\D3DCompiler_38.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- %WINDIR%\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
Присваивает атрибут 'скрытый' для следующих файлов:
- %APPDATA%\Setup.exe
Удаляет следующие файлы:
- %TEMP%\aut1.tmp
