Техническая информация
Вредоносные функции:
Для затруднения выявления своего присутствия в системе
блокирует запуск следующих системных утилит:
- Диспетчера задач (Taskmgr)
Запускает на исполнение:
- <SYSTEM32>\cmd.exe /c pocik.bat
- <SYSTEM32>\reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v pocikRun /t REG_SZ /d <SYSTEM32>\ & cat & \pocik.exe /f
- <SYSTEM32>\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d "1" /f
Изменения в файловой системе:
Создает следующие файлы:
- C:\Inst.exe
- C:\System Volume Information\_restore{E7F0F64C-F7E5-4319-8757-E9A20C1C4E14}\RP15\RestorePointSize
- <SYSTEM32>\1905444_6923_2365823\pocik.exe
- <Текущая директория>\pocik.bat
Удаляет следующие файлы:
- <SYSTEM32>\cryptnet.dll
- <SYSTEM32>\cryptsvc.dll
- <SYSTEM32>\cryptui.dll
- <SYSTEM32>\cryptdlg.dll
- <SYSTEM32>\cryptdll.dll
- <SYSTEM32>\cryptext.dll
- <SYSTEM32>\cscdll.dll
- <SYSTEM32>\ctl3d32.dll
- <SYSTEM32>\ctl3dv2.dll
- <SYSTEM32>\cygwin1.dll
- <SYSTEM32>\cscui.dll
- <SYSTEM32>\csrsrv.dll
- <SYSTEM32>\csseqchk.dll
- <SYSTEM32>\comres.dll
- <SYSTEM32>\comsnap.dll
- <SYSTEM32>\comsvcs.dll
- <SYSTEM32>\compobj.dll
- <SYSTEM32>\compstui.dll
- <SYSTEM32>\comrepl.dll
- <SYSTEM32>\comuid.dll
- <SYSTEM32>\credui.dll
- <SYSTEM32>\crtdll.dll
- <SYSTEM32>\crypt32.dll
- <SYSTEM32>\confmsp.dll
- <SYSTEM32>\console.dll
- <SYSTEM32>\corpol.dll
- <SYSTEM32>\d3d8.dll
- <SYSTEM32>\dbnmpntw.dll
- <SYSTEM32>\dciman32.dll
- <SYSTEM32>\ddeml.dll
- <SYSTEM32>\dbghelp.dll
- <SYSTEM32>\dbmsrpcn.dll
- <SYSTEM32>\dbnetlib.dll
- <SYSTEM32>\ddraw.dll
- <SYSTEM32>\deskperf.dll
- <SYSTEM32>\devenum.dll
- <SYSTEM32>\devmgr.dll
- <SYSTEM32>\ddrawex.dll
- <SYSTEM32>\deskadp.dll
- <SYSTEM32>\deskmon.dll
- <SYSTEM32>\d3dim700.dll
- <SYSTEM32>\d3dpmesh.dll
- <SYSTEM32>\d3dramp.dll
- <SYSTEM32>\d3d8thk.dll
- <SYSTEM32>\d3d9.dll
- <SYSTEM32>\d3dim.dll
- <SYSTEM32>\d3drm.dll
- <SYSTEM32>\datime.dll
- <SYSTEM32>\davclnt.dll
- <SYSTEM32>\dbgeng.dll
- <SYSTEM32>\d3dxof.dll
- <SYSTEM32>\danim.dll
- <SYSTEM32>\dataclen.dll
- <SYSTEM32>\cc3280mt.dll
- <SYSTEM32>\cc3290.dll
- <SYSTEM32>\cc3290mt.dll
- <SYSTEM32>\cc3270.dll
- <SYSTEM32>\cc3270mt.dll
- <SYSTEM32>\cc3280.dll
- <SYSTEM32>\ccfgnt.dll
- <SYSTEM32>\cdosys.dll
- <SYSTEM32>\certcli.dll
- <SYSTEM32>\certmgr.dll
- <SYSTEM32>\cdfview.dll
- <SYSTEM32>\cdm.dll
- <SYSTEM32>\cdmodem.dll
- <SYSTEM32>\camocx.dll
- <SYSTEM32>\capesnpn.dll
- <SYSTEM32>\cards.dll
- <SYSTEM32>\btpanui.dll
- <SYSTEM32>\cabinet.dll
- <SYSTEM32>\cabview.dll
- <SYSTEM32>\catsrv.dll
- <SYSTEM32>\cc3250mt.dll
- <SYSTEM32>\cc3260.dll
- <SYSTEM32>\cc3260mt.dll
- <SYSTEM32>\catsrvps.dll
- <SYSTEM32>\catsrvut.dll
- <SYSTEM32>\cc3250.dll
- <SYSTEM32>\cewmdm.dll
- <SYSTEM32>\cnbjmon.dll
- <SYSTEM32>\cnetcfg.dll
- <SYSTEM32>\cnvfat.dll
- <SYSTEM32>\cmprops.dll
- <SYSTEM32>\cmsetACL.dll
- <SYSTEM32>\cmutil.dll
- <SYSTEM32>\colbact.dll
- <SYSTEM32>\comdlg32.dll
- <SYSTEM32>\commdlg.dll
- <SYSTEM32>\compatUI.dll
- <SYSTEM32>\comaddin.dll
- <SYSTEM32>\comcat.dll
- <SYSTEM32>\comctl32.dll
- <SYSTEM32>\cic.dll
- <SYSTEM32>\ciodm.dll
- <SYSTEM32>\clb.dll
- <SYSTEM32>\cfgbkend.dll
- <SYSTEM32>\cfgmgr32.dll
- <SYSTEM32>\ciadmin.dll
- <SYSTEM32>\clbcatex.dll
- <SYSTEM32>\cmcfg32.dll
- <SYSTEM32>\cmdial32.dll
- <SYSTEM32>\cmpbk32.dll
- <SYSTEM32>\clbcatq.dll
- <SYSTEM32>\cliconfg.dll
- <SYSTEM32>\clusapi.dll
- <SYSTEM32>\dfrgres.dll
- <SYSTEM32>\dsquery.dll
- <SYSTEM32>\dssec.dll
- <SYSTEM32>\dssenh.dll
- <SYSTEM32>\dsound3d.dll
- <SYSTEM32>\dsprop.dll
- <SYSTEM32>\dsprpres.dll
- <SYSTEM32>\dsuiext.dll
- <SYSTEM32>\dx8vb.dll
- <SYSTEM32>\dxdiagn.dll
- <SYSTEM32>\dxmasf.dll
- <SYSTEM32>\dswave.dll
- <SYSTEM32>\duser.dll
- <SYSTEM32>\dx7vb.dll
- <SYSTEM32>\drmv2clt.dll
- <SYSTEM32>\drprov.dll
- <SYSTEM32>\ds16gt.dLL
- <SYSTEM32>\dpwsockx.dll
- <SYSTEM32>\drmclien.dll
- <SYSTEM32>\drmstor.dll
- <SYSTEM32>\ds32gt.dll
- <SYSTEM32>\dskquota.dll
- <SYSTEM32>\dskquoui.dll
- <SYSTEM32>\dsound.dll
- <SYSTEM32>\dsauth.dll
- <SYSTEM32>\dsdmo.dll
- <SYSTEM32>\dsdmoprp.dll
- <SYSTEM32>\dxtmsft.dll
- <SYSTEM32>\exts.dll
- <SYSTEM32>\faultrep.dll
- <SYSTEM32>\fde.dll
- <SYSTEM32>\evr.dll
- <SYSTEM32>\expsrv.dll
- <SYSTEM32>\extmgr.dll
- <SYSTEM32>\fdeploy.dll
- <SYSTEM32>\fltlib.dll
- <SYSTEM32>\fmifs.dll
- <SYSTEM32>\fontext.dll
- <SYSTEM32>\feclient.dll
- <SYSTEM32>\filemgmt.dll
- <SYSTEM32>\fldrclnr.dll
- <SYSTEM32>\els.dll
- <SYSTEM32>\encapi.dll
- <SYSTEM32>\encdec.dll
- <SYSTEM32>\dxtrans.dll
- <SYSTEM32>\dxva2.dll
- <SYSTEM32>\efsadu.dll
- <SYSTEM32>\EqnClass.Dll
- <SYSTEM32>\esentprf.dll
- <SYSTEM32>\eventcls.dll
- <SYSTEM32>\eventlog.dll
- <SYSTEM32>\ersvc.dll
- <SYSTEM32>\esent.dll
- <SYSTEM32>\esent97.dll
- <SYSTEM32>\dispex.dll
- <SYSTEM32>\dmband.dll
- <SYSTEM32>\dmcompos.dll
- <SYSTEM32>\dinput.dll
- <SYSTEM32>\dinput8.dll
- <SYSTEM32>\diskcopy.dll
- <SYSTEM32>\dmconfig.dll
- <SYSTEM32>\dmime.dll
- <SYSTEM32>\dmintf.dll
- <SYSTEM32>\dmloader.dll
- <SYSTEM32>\dmdlgs.dll
- <SYSTEM32>\dmdskmgr.dll
- <SYSTEM32>\dmdskres.dll
- <SYSTEM32>\dfsshlex.dll
- <SYSTEM32>\dgnet.dll
- <SYSTEM32>\dgrpsetu.dll
- <SYSTEM32>\dfrgsnap.dll
- <SYSTEM32>\dfrgui.dll
- <SYSTEM32>\dfshim.dll
- <SYSTEM32>\dgsetup.dll
- <SYSTEM32>\diactfrm.dll
- <SYSTEM32>\digest.dll
- <SYSTEM32>\dimap.dll
- <SYSTEM32>\dhcpcsvc.dll
- <SYSTEM32>\dhcpmon.dll
- <SYSTEM32>\dhcpsapi.dll
- <SYSTEM32>\dmocx.dll
- <SYSTEM32>\dpnhpast.dll
- <SYSTEM32>\dpnhupnp.dll
- <SYSTEM32>\dpnlobby.dll
- <SYSTEM32>\dpmodemx.dll
- <SYSTEM32>\dpnaddr.dll
- <SYSTEM32>\dpnet.dll
- <SYSTEM32>\dpnmodem.dll
- <SYSTEM32>\dpvoice.dll
- <SYSTEM32>\dpvvox.dll
- <SYSTEM32>\dpwsock.dll
- <SYSTEM32>\dpnwsock.dll
- <SYSTEM32>\dpserial.dll
- <SYSTEM32>\dpvacm.dll
- <SYSTEM32>\dmsynth.dll
- <SYSTEM32>\dmusic.dll
- <SYSTEM32>\dmutil.dll
- <SYSTEM32>\dmscript.dll
- <SYSTEM32>\dmserver.dll
- <SYSTEM32>\dmstyle.dll
- <SYSTEM32>\dnsapi.dll
- <SYSTEM32>\dpcdll.dll
- <SYSTEM32>\dplay.dll
- <SYSTEM32>\dplayx.dll
- <SYSTEM32>\dnsrslvr.dll
- <SYSTEM32>\docprop.dll
- <SYSTEM32>\docprop2.dll
- <SYSTEM32>\bthserv.dll
- <DRIVERS>\msgpc.sys
- <DRIVERS>\mssmbios.sys
- <DRIVERS>\mup.sys
- <DRIVERS>\mrxdav.sys
- <DRIVERS>\mrxsmb.sys
- <DRIVERS>\msfs.sys
- <DRIVERS>\ndis.sys
- <DRIVERS>\ndproxy.sys
- <DRIVERS>\netbios.sys
- <DRIVERS>\netbt.sys
- <DRIVERS>\ndistapi.sys
- <DRIVERS>\ndisuio.sys
- <DRIVERS>\ndiswan.sys
- <DRIVERS>\kbdclass.sys
- <DRIVERS>\ks.sys
- <DRIVERS>\ksecdd.sys
- <DRIVERS>\ipsec.sys
- <DRIVERS>\irenum.sys
- <DRIVERS>\isapnp.sys
- <DRIVERS>\mcd.sys
- <DRIVERS>\mouclass.sys
- <DRIVERS>\mountmgr.sys
- <DRIVERS>\mqac.sys
- <DRIVERS>\mf.sys
- <DRIVERS>\mnmdd.sys
- <DRIVERS>\modem.sys
- <DRIVERS>\nic1394.sys
- <DRIVERS>\pci.sys
- <DRIVERS>\pciidex.sys
- <DRIVERS>\pcmcia.sys
- <DRIVERS>\parport.sys
- <DRIVERS>\partmgr.sys
- <DRIVERS>\parvdm.sys
- <DRIVERS>\processr.sys
- <DRIVERS>\rasl2tp.sys
- <DRIVERS>\raspppoe.sys
- <DRIVERS>\raspptp.sys
- <DRIVERS>\psched.sys
- <DRIVERS>\ptilink.sys
- <DRIVERS>\rasacd.sys
- <DRIVERS>\ntfs.sys
- <DRIVERS>\null.sys
- <DRIVERS>\nwlnkflt.sys
- <DRIVERS>\nikedrv.sys
- <DRIVERS>\nmnt.sys
- <DRIVERS>\npfs.sys
- <DRIVERS>\nwlnkfwd.sys
- <DRIVERS>\nwrdr.sys
- <DRIVERS>\oprghdlr.sys
- <DRIVERS>\p3.sys
- <DRIVERS>\nwlnkipx.sys
- <DRIVERS>\nwlnknb.sys
- <DRIVERS>\nwlnkspx.sys
- <DRIVERS>\bridge.sys
- <DRIVERS>\cbidf2k.sys
- <DRIVERS>\cdaudio.sys
- <DRIVERS>\audstub.sys
- <DRIVERS>\battc.sys
- <DRIVERS>\beep.sys
- <DRIVERS>\cdfs.sys
- <DRIVERS>\CmBatt.sys
- <DRIVERS>\compbatt.sys
- <DRIVERS>\cpqdap01.sys
- <DRIVERS>\cdrom.sys
- <DRIVERS>\cinemst2.sys
- <DRIVERS>\classpnp.sys
- <DRIVERS>\AGP440.SYS
- <DRIVERS>\amdk6.sys
- <DRIVERS>\amdk7.sys
- <DRIVERS>\acpi.sys
- <DRIVERS>\acpiec.sys
- <DRIVERS>\afd.sys
- <DRIVERS>\arp1394.sys
- <DRIVERS>\atmepvc.sys
- <DRIVERS>\atmlane.sys
- <DRIVERS>\atmuni.sys
- <DRIVERS>\asyncmac.sys
- <DRIVERS>\atapi.sys
- <DRIVERS>\atmarpc.sys
- <DRIVERS>\crusoe.sys
- <DRIVERS>\ftdisk.sys
- <DRIVERS>\http.sys
- <DRIVERS>\i8042prt.sys
- <DRIVERS>\fltMgr.sys
- <DRIVERS>\fsvga.sys
- <DRIVERS>\fs_rec.sys
- <DRIVERS>\imapi.sys
- <DRIVERS>\ipfltdrv.sys
- <DRIVERS>\ipinip.sys
- <DRIVERS>\ipnat.sys
- <DRIVERS>\intelide.sys
- <DRIVERS>\intelppm.sys
- <DRIVERS>\ip6fw.sys
- <DRIVERS>\dmio.sys
- <DRIVERS>\dmload.sys
- <DRIVERS>\dxapi.sys
- <DRIVERS>\disk.sys
- <DRIVERS>\dis<Служебное имя>.sys
- <DRIVERS>\dmboot.sys
- <DRIVERS>\dxg.sys
- <DRIVERS>\fdc.sys
- <DRIVERS>\fips.sys
- <DRIVERS>\flpydisk.sys
- <DRIVERS>\dxgthk.sys
- <DRIVERS>\<Служебное имя>.sys
- <DRIVERS>\fastfat.sys
- <DRIVERS>\raspti.sys
- <SYSTEM32>\apphelp.dll
- <SYSTEM32>\appmgmts.dll
- <SYSTEM32>\appmgr.dll
- <SYSTEM32>\alrsvc.dll
- <SYSTEM32>\amstream.dll
- <SYSTEM32>\apcups.dll
- <SYSTEM32>\asferror.dll
- <SYSTEM32>\atl.dll
- <SYSTEM32>\atl100.dll
- <SYSTEM32>\atmfd.dll
- <SYSTEM32>\aspnet_counters.dll
- <SYSTEM32>\asycfilt.dll
- <SYSTEM32>\atkctrs.dll
- <SYSTEM32>\admparse.dll
- <SYSTEM32>\adptif.dll
- <SYSTEM32>\adsldp.dll
- <SYSTEM32>\aclui.dll
- <SYSTEM32>\activeds.dll
- <SYSTEM32>\actxprxy.dll
- <SYSTEM32>\adsldpc.dll
- <SYSTEM32>\adsnw.dll
- <SYSTEM32>\advapi32.dll
- <SYSTEM32>\advpack.dll
- <SYSTEM32>\adsmsext.dll
- <SYSTEM32>\adsnds.dll
- <SYSTEM32>\adsnt.dll
- <SYSTEM32>\atmlib.dll
- <SYSTEM32>\bitsprx2.dll
- <SYSTEM32>\bitsprx3.dll
- <SYSTEM32>\blackbox.dll
- <SYSTEM32>\batmeter.dll
- <SYSTEM32>\batt.dll
- <SYSTEM32>\bidispl.dll
- <SYSTEM32>\bootvid.dll
- <SYSTEM32>\browseui.dll
- <SYSTEM32>\browsewm.dll
- <SYSTEM32>\bthci.dll
- <SYSTEM32>\borlndmm.dll
- <SYSTEM32>\browselc.dll
- <SYSTEM32>\browser.dll
- <SYSTEM32>\authz.dll
- <SYSTEM32>\autodisc.dll
- <SYSTEM32>\avicap.dll
- <SYSTEM32>\atmpvcno.dll
- <SYSTEM32>\atrace.dll
- <SYSTEM32>\audiosrv.dll
- <SYSTEM32>\avicap32.dll
- <SYSTEM32>\avtapi.dll
- <SYSTEM32>\avwav.dll
- <SYSTEM32>\basesrv.dll
- <SYSTEM32>\avifil32.dll
- <SYSTEM32>\avifile.dll
- <SYSTEM32>\avmeter.dll
- <DRIVERS>\sffdisk.sys
- <DRIVERS>\sffp_sd.sys
- <DRIVERS>\sfloppy.sys
- <DRIVERS>\secdrv.sys
- <DRIVERS>\serenum.sys
- <DRIVERS>\serial.sys
- <DRIVERS>\smclib.sys
- <DRIVERS>\stream.sys
- <DRIVERS>\swenum.sys
- <DRIVERS>\tape.sys
- <DRIVERS>\sonydcam.sys
- <DRIVERS>\sr.sys
- <DRIVERS>\srv.sys
- <DRIVERS>\rdpdr.sys
- <DRIVERS>\rdpwd.sys
- <DRIVERS>\redbook.sys
- <DRIVERS>\rawwan.sys
- <DRIVERS>\rdbss.sys
- <DRIVERS>\rdpcdd.sys
- <DRIVERS>\rio8drv.sys
- <DRIVERS>\rootmdm.sys
- <DRIVERS>\scsiport.sys
- <DRIVERS>\sdbus.sys
- <DRIVERS>\riodrv.sys
- <DRIVERS>\RMCast.sys
- <DRIVERS>\rndismp.sys
- <DRIVERS>\tcpip.sys
- <DRIVERS>\videoprt.sys
- <DRIVERS>\volsnap.sys
- <DRIVERS>\wanarp.sys
- <DRIVERS>\usbintel.sys
- <DRIVERS>\vdmindvd.sys
- <DRIVERS>\vga.sys
- <DRIVERS>\wmilib.sys
- <SYSTEM32>\aaaamon.dll
- <SYSTEM32>\acctres.dll
- <SYSTEM32>\acledit.dll
- <DRIVERS>\ws2ifsl.sys
- <DRIVERS>\xrwebvirtnet.sys
- <SYSTEM32>\6to4svc.dll
- <DRIVERS>\tdtcp.sys
- <DRIVERS>\termdd.sys
- <DRIVERS>\tosdvd.sys
- <DRIVERS>\tcpip6.sys
- <DRIVERS>\tdi.sys
- <DRIVERS>\tdpipe.sys
- <DRIVERS>\tsbvcap.sys
- <DRIVERS>\usb8023.sys
- <DRIVERS>\usbcamd.sys
- <DRIVERS>\usbcamd2.sys
- <DRIVERS>\tunmp.sys
- <DRIVERS>\udfs.sys
- <DRIVERS>\update.sys
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
