Trojan.MulDrop7.52386

Техническая информация

Вредоносные функции:

Завершает или пытается завершить

следующие пользовательские процессы:

firefox.exe

Изменения в файловой системе:

Создает следующие файлы:

%ProgramFiles%\rootcert\Tools\p7env.exe
%ProgramFiles%\rootcert\Tools\p7sign.exe
%ProgramFiles%\rootcert\Tools\p7content.exe
%ProgramFiles%\rootcert\Tools\ocspclnt.exe
%ProgramFiles%\rootcert\Tools\oidcalc.exe
%ProgramFiles%\rootcert\Tools\plc4.dll
%ProgramFiles%\rootcert\Tools\plds4.dll
%ProgramFiles%\rootcert\Tools\pk12util.exe
%ProgramFiles%\rootcert\Tools\p7verify.exe
%ProgramFiles%\rootcert\Tools\pk11mode.exe
%ProgramFiles%\rootcert\Tools\nssutil3.dll
%ProgramFiles%\rootcert\Tools\msvcr120.dll
%ProgramFiles%\rootcert\Tools\multinit.exe
%ProgramFiles%\rootcert\Tools\msvcr100.dll
%ProgramFiles%\rootcert\Tools\msvcp100.dll
%ProgramFiles%\rootcert\Tools\msvcp120.dll
%ProgramFiles%\rootcert\Tools\nssckbi.dll
%ProgramFiles%\rootcert\Tools\nssdbm3.dll
%ProgramFiles%\rootcert\Tools\nss3.dll
%ProgramFiles%\rootcert\Tools\nonspr10.exe
%ProgramFiles%\rootcert\Tools\nspr4.dll
%ProgramFiles%\rootcert\Tools\strsclnt.exe
%ProgramFiles%\rootcert\Tools\symkeyutil.exe
%ProgramFiles%\rootcert\Tools\ssltap.exe
%ProgramFiles%\rootcert\Tools\sqlite3.dll
%ProgramFiles%\rootcert\Tools\ssl3.dll
%TEMP%\nsd2.tmp\nsProcess.dll
%ProgramFiles%\rootcert\uninstall_rootcert.exe
%ProgramFiles%\rootcert\Tools\vfyserv.exe
%ProgramFiles%\rootcert\Tools\tstclnt.exe
%ProgramFiles%\rootcert\Tools\vfychain.exe
%ProgramFiles%\rootcert\Tools\softokn3.dll
%ProgramFiles%\rootcert\Tools\sdrtest.exe
%ProgramFiles%\rootcert\Tools\secmod.db
%ProgramFiles%\rootcert\Tools\rsaperf.exe
%ProgramFiles%\rootcert\Tools\pp.exe
%ProgramFiles%\rootcert\Tools\remtest.exe
%ProgramFiles%\rootcert\Tools\signver.exe
%ProgramFiles%\rootcert\Tools\smime3.dll
%ProgramFiles%\rootcert\Tools\signtool.exe
%ProgramFiles%\rootcert\Tools\selfserv.exe
%ProgramFiles%\rootcert\Tools\shlibsign.exe
%ProgramFiles%\rootcert\Tools\mozcrt19.dll
%ProgramFiles%\rootcert\Tools\chktest.exe
%ProgramFiles%\rootcert\Tools\cmsutil.exe
%ProgramFiles%\rootcert\Tools\checkcert.exe
%ProgramFiles%\rootcert\Tools\certmgr.exe
%ProgramFiles%\rootcert\Tools\certutil.exe
%ProgramFiles%\rootcert\Tools\cp_rootca.cer
%ProgramFiles%\rootcert\Tools\cp_scb_ca.cer
%ProgramFiles%\rootcert\Tools\cp_networking_ca.cer
%ProgramFiles%\rootcert\Tools\conflict.exe
%ProgramFiles%\rootcert\Tools\cp_intermediate_sslca.cer
%ProgramFiles%\rootcert\Tools\certcgi.exe
%ProgramFiles%\rootcert\Tools\README.md
%ProgramFiles%\rootcert\Tools\addbuiltin.exe
%ProgramFiles%\rootcert\Tools\LICENSE
%TEMP%\nsd2.tmp\System.dll
%ProgramFiles%\rootcert\Tools\COPYING
%ProgramFiles%\rootcert\Tools\btoa.exe
%ProgramFiles%\rootcert\Tools\cert8.db
%ProgramFiles%\rootcert\Tools\bltest.exe
%ProgramFiles%\rootcert\Tools\atob.exe
%ProgramFiles%\rootcert\Tools\baddbdir.exe
%ProgramFiles%\rootcert\Tools\libnspr4.dll
%ProgramFiles%\rootcert\Tools\libplc4.dll
%ProgramFiles%\rootcert\Tools\libiconv2.dll
%ProgramFiles%\rootcert\Tools\jss4.dll
%ProgramFiles%\rootcert\Tools\key3.db
%ProgramFiles%\rootcert\Tools\minigzip.exe
%ProgramFiles%\rootcert\Tools\modutil.exe
%ProgramFiles%\rootcert\Tools\mangle.exe
%ProgramFiles%\rootcert\Tools\libplds4.dll
%ProgramFiles%\rootcert\Tools\makepqg.exe
%ProgramFiles%\rootcert\Tools\gtest132.dll
%ProgramFiles%\rootcert\Tools\derdump.exe
%ProgramFiles%\rootcert\Tools\dertimetest.exe
%ProgramFiles%\rootcert\Tools\dbtest.exe
%ProgramFiles%\rootcert\Tools\crlutil.exe
%ProgramFiles%\rootcert\Tools\crmftest.exe
%ProgramFiles%\rootcert\Tools\fipstest.exe
%ProgramFiles%\rootcert\Tools\freebl3.dll
%ProgramFiles%\rootcert\Tools\example.exe
%ProgramFiles%\rootcert\Tools\digest.exe
%ProgramFiles%\rootcert\Tools\encodeinttest.exe

Другое:

Добавляет корневой сертификат

Ищет следующие окна:

ClassName: '#32770' WindowName: ''

Создает и запускает на исполнение:

'%ProgramFiles%\rootcert\Tools\certutil.exe' -A -n "CAN-PACK Intermediate SSL CA" -i "cp_intermediate_sslca.cer" -t "C,C,C" -d "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default"
'%ProgramFiles%\rootcert\Tools\certutil.exe' -A -n "CAN-PACK Root CA" -i "cp_rootca.cer" -t "C,C,C" -d "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default"
'%ProgramFiles%\rootcert\Tools\certutil.exe' -A -n "CAN-PACK SCB CA" -i "cp_scb_ca.cer" -t "C,C,C" -d "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default"
'%ProgramFiles%\rootcert\Tools\certutil.exe' -A -n "CAN-PACK Networking CA" -i "cp_networking_ca.cer" -t "C,C,C" -d "%APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default"
'%ProgramFiles%\rootcert\Tools\certmgr.exe' -all -add cp_intermediate_sslca.cer -s -r localMachine root
'%ProgramFiles%\rootcert\Tools\certmgr.exe' -all -add cp_rootca.cer -s -r localMachine root
'%ProgramFiles%\rootcert\Tools\certmgr.exe' -all -add cp_scb_ca.cer -s -r localMachine root
'%ProgramFiles%\rootcert\Tools\certmgr.exe' -all -add cp_networking_ca.cer -s -r localMachine root