Trojan.DownLoader30.25164

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[<HKCU>\Software\Classes\Applications\SoShare.exe\shell\open\command] '' = '"%APPDATA%\SoShare\SoShare.exe" "%1"'

Изменения в файловой системе

Создает следующие файлы

%APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\59d5abebbf0120d65f8c8f57b65e8cb0_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
%APPDATA%\soshare\apps\3609fc884502a1df0aa5d9d160c827bb1bd51fc9.btapp
%APPDATA%\soshare\apps.btapp
%TEMP%\utta7c3.tmp
%TEMP%\utta7c2.tmp
%TEMP%\utta7c1.tmp
%TEMP%\utta7c0.tmp
%APPDATA%\soshare\app.1569751221.tmp
%APPDATA%\microsoft\crypto\rsa\s-1-5-21-1960123792-2022915161-3775307078-1001\387df63825841d0b70c184169dbc9aa5_36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee
%APPDATA%\soshare\apps\plus.btapp
%APPDATA%\soshare\apps\player.btapp
%APPDATA%\soshare\apps\welcome-upsell.btapp
%APPDATA%\soshare\apps\featuredcontent.btapp
%APPDATA%\microsoft\internet explorer\quick launch\soshare.lnk
C:\users\public\desktop\soshare.lnk
%PROGRAMDATA%\microsoft\windows\start menu\soshare.lnk
%APPDATA%\soshare\soshare.exe
%APPDATA%\soshare\settings.dat.new
%TEMP%\uttb2ff.tmp
%APPDATA%\soshare\dlimagecache\10e6fbe4d921b475fa5fec6e9a535a540d6feed1

Удаляет следующие файлы

%APPDATA%\soshare\app.1569751221.tmp
%TEMP%\utta7c1.tmp
%TEMP%\utta7c0.tmp
%TEMP%\utta7c3.tmp
%TEMP%\utta7c2.tmp
%APPDATA%\soshare\apps.btapp

Перемещает следующие файлы

%APPDATA%\soshare\settings.dat.new в %APPDATA%\soshare\settings.dat
%APPDATA%\soshare\settings.dat в %APPDATA%\soshare\settings.dat.old

Подменяет следующие файлы

%APPDATA%\soshare\settings.dat.new
%APPDATA%\soshare\settings.dat
%APPDATA%\soshare\app.1569751221.tmp

Сетевая активность

TCP

Запросы HTTP GET

http://ap##.#ittorrent.com/featuredcontent/featuredcontent.btapp
http://up####.utorrent.com/installstats.php?cl###############################################################################################################################
http://ap##.#ittorrent.com/utorrent-onboarding/welcome-upsell.btapp
http://ap##.#ittorrent.com/utorrent-onboarding/player.btapp
http://ap##.#ittorrent.com/utorrent-onboarding/plus2.btapp
http://ap##.#ittorrent.com/featuredcontent/featuredcontent.btapp?h=#########################################################
http://ap##.#ittorrent.com/utorrent-onboarding/player.btapp?h=#########################################################
http://ap##.#ittorrent.com/utorrent-onboarding/plus2.btapp?h=#########################################################
http://ap##.#ittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=#########################################################
http://ap##.#ittorrent.com/discoverContent/discoverContent.btapp?h=#########################################################
http://www.bi###rrent.com/favicon.ico
http://www.mi###ova.org/favicon.ico
http://10.#.73.9:16879/

UDP

DNS ASK ap##.#ittorrent.com
DNS ASK up####.utorrent.com
DNS ASK mi###ova.org
DNS ASK up####.bittorrent.com
DNS ASK ro####.bittorrent.com
DNS ASK ro####.utorrent.com
DNS ASK bi###rrent.com
'18#.#7.128.215':10144
'12#.#92.231.220':1050
'5.##.18.15':57459
'81.##.49.169':61239
'41.##0.161.11':42459
'19#.#31.44.132':55669
'54.##4.124.68':6882
'18#.#6.71.15':40959
'10#.#5.53.179':32136
'95.##1.153.78':53000
'45.##.188.91':6881
'13#.47.65.3':13698
'18#.#3.197.151':1024
'85.##.58.186':6916
'54.##4.62.55':6881
'17#.#2.208.124':6881
'22#.#51.166.78':17125
'35.##7.186.212':6881
'17#.#55.211.66':6881
'49.##.23.254':8621
'35.##3.251.58':6882
'22#.#86.123.40':12243
'65.##.128.215':6881
'95.#2.9.126':6881
'93.##5.11.66':8621
'71.##0.105.86':50321
'10#.#45.124.219':51413
'10#.#51.238.147':6882
'19#.#68.179.211':1037
'80.##.200.73':52699
'88.##5.80.180':28885
'41.#3.36.36':34842
'10#.#35.15.207':50321
'85.##3.103.197':6881
'88.##7.173.196':6662
'95.##.179.221':49001
'5.##.73.24':50322
'85.##5.58.28':6881
'19#.#31.44.132':49375
'91.##6.28.191':64685
'5.###.210.73':42037
'94.##.207.228':51413
'10#.#52.91.192':6222
'18#.#90.132.209':1028
'91.##0.29.23':58750
'46.##2.217.87':58393
'54.##.218.23':6892
'10#.#2.210.72':6881
'37.##1.230.78':28902
'16#.#72.103.92':6881
'35.##6.105.29':6992
'10#.#37.149.26':64879
'35.##6.192.121':6892
'88.##3.168.247':8621
'21#.#40.199.146':6987
'18#.#1.248.180':47441
'94.##.162.237':54766
'54.##4.105.212':6881
'19#.#68.97.146':6881
'17#.#08.191.146':27716
'10#.#68.244.90':6881
'69.##.224.54':6881
'31.##1.72.44':40029
'5.##.64.113':60755
'61.##.243.164':6881
'80.##.179.69':34271
'13#.#01.76.4':41303
'75.#4.6.119':55013
'11#.#00.188.35':1051
'31.##2.176.213':5641
'11#.#6.114.54':25297
'1.##.204.23':64248
'18#.#28.167.220':1047
'11#.#4.93.23':6884
'21#.#4.163.254':50239
'10#.#17.212.216':1664
'93.##3.210.15':6881
'86.#.9.52':51413
'41.##6.199.52':15063
'18#.#7.38.78':39526
'19#.#54.172.169':35182
'18#.#7.212.158':6889
'73.##4.176.80':6889
'12#.#93.70.166':9228
'19#.#8.15.105':6884
'21#.#7.135.229':38387
'35.##1.49.86':6892
'17#.#05.67.211':6881
'11#.#05.227.187':51413
'15#.#5.220.133':61597
'71.##7.46.19':1024
'86.##5.173.170':1024
'22#.#1.208.57':5128
'46.##0.72.102':10741
'10#.#04.179.211':6933
'21#.#37.244.150':16905
'10#.#08.104.130':21590
'22#.#86.123.40':12395
'83.##7.95.178':17930
'67.##1.146.122':6882
'50.##.192.129':21432
'42.##1.141.172':8999
'59.##1.211.125':6881
'67.##2.207.105':50321
'37.##7.104.176':51413
'89.##9.6.231':57861
'77.##3.176.143':6882
'39.##.157.23':1024
'91.##7.46.19':10547
'17#.#49.37.204':16881
'67.##6.132.20':6881
'54.##.28.180':6881
'24.##.163.63':51413
'80.##7.164.25':6889
'18#.#46.35.92':49160
'11#.#4.145.202':7713
'17#.#4.180.29':1143
'15#.#0.142.21':6881
'10#.#11.10.242':24407
'41.##.191.33':50321
'18#.#8.235.193':1179
'49.##9.76.37':41132
'18#.#.236.168':53561
'37.##1.236.168':61835
'95.##0.141.183':6881
'13#.#19.216.5':6881
'77.##9.24.233':61271
'91.##.205.183':63594
'83.##0.205.183':61137
'72.##.216.197':50321
'21#.#2.11.96':31190
'18#.#6.44.155':55305
'10#.#46.241.171':6881
'19#.#6.248.80':6881
'27.#.55.124':59820
'22#.#86.157.10':2707
'18#.#8.235.193':2593
'74.##.111.238':6883
'94.##2.171.1':26473
'20#.#46.73.143':8169
'36.##.221.157':56740
'18#.#26.233.107':51413
'20#.#0.90.32':6881
'17#.#9.61.210':6881
'77.##2.53.234':6882
'17#.#01.46.15':56461
'42.##6.151.25':47912
'94.##.110.15':17611
'5.##8.39.26':49001
'19#.#0.89.142':3618
'95.##6.87.241':6881
'62.##2.250.151':56658
'18#.#19.65.160':6883
'85.##.218.207':6885
'95.##.23.241':44789
'11#.#04.3.61':41027
'79.##8.102.15':8621
'10#.#52.17.38':4032
'37.##8.253.13':4875
'20#.#1.34.34':16005
'5.#.67.240':2910
'54.##.218.23':6992
'17#.#6.87.221':1086
'15#.#1.140.37':1024
'10#.#56.17.38':48248
'63.##1.252.18':6881
'91.##0.121.246':27032
'10#.#8.161.79':3013
'17#.#3.201.147':54768
'14#.#55.152.233':1024
'11#.#9.143.68':20067
'31.#.89.123':6881
'81.##6.206.146':6881
'5.#.49.171':6881
'97.#5.254.7':6881
'94.##9.106.83':51861
'18#.#67.254.47':54899
'18#.#7.201.141':9030
'94.##.106.83':51400
'5.##.116.228':57985
'17#.#8.159.128':60165
'13#.#19.216.5':6884
'59.##6.121.37':20705
'88.##3.88.197':44331
'19#.#31.44.132':55631
'80.##.218.166':6881
'12#.#99.123.58':21776
'79.##3.117.216':8621
'83.##.126.162':51413
'18#.#08.153.151':6361
'15#.#32.5.251':6881
'62.##.98.206':6881
'35.##6.104.49':6992
'10#.#8.31.128':6889
'15#.#81.42.83':19990
'20#.#4.104.2':16881
'21#.#29.19.188':44264
'12#.#8.173.214':26477
'22#.#0.21.75':62922
'46.##8.49.56':51413
'51.##1.70.187':6882
'17#.#81.112.57':8074
'73.##9.1.120':6881
'95.##.13.183':58726
'21#.#19.84.114':51513
'31.##2.176.78':1543
'81.#5.76.37':22515
'91.##0.121.246':60231
'21#.#2.11.96':41086
'41.##0.139.96':44420
'76.##7.152.197':6881
'82.##2.237.22':43127
'82.##3.98.206':50305
'18#.#2.171.67':51413
'36.##0.227.92':55334
'17#.#15.228.25':36110
'16#.#72.29.31':51413
'17#.#1.255.152':6881
'94.#5.94.18':37612
'22#.#45.55.202':59463
'10#.#50.184.80':6881
'82.##3.98.206':4127
'17#.#12.219.242':4445
'94.##3.225.111':40795
'17#.#5.149.96':46388
'18#.#46.85.15':6881
'10#.#75.219.8':6881
'91.#15.70.0':57570
'18#.#30.254.119':38797
'5.##9.89.4':61036
'12#.#54.205.183':26470
'17#.#8.67.14':62348
'12#.#61.121.166':57081
'10#.#1.240.75':26085
'11#.#4.255.41':41017
'11#.#1.176.54':63680
'1.###.81.115':9862
'86.##2.29.55':6881
'17#.#9.97.65':35815
'17#.#8.171.169':40992
'82.#.96.30':6881
'17#.#07.225.65':26301
'18#.#47.149.0':6881
'16#.#53.116.154':33460
'90.##9.187.131':6881
'95.##1.221.134':52138
'17#.#2.224.211':10169
'50.##0.136.108':57599
'15#.#2.99.244':6881
'5.##9.81.14':8621
'88.##0.215.181':11880
'10#.#4.139.180':27686
'1.###.108.94':42291
'91.##1.171.223':6881
'22#.#18.15.161':51413
'23.##9.5.109':6881
'94.##4.31.232':1027
'15#.#81.44.236':31688
'13#.52.78.6':6881
'36.##5.131.106':8153
'13.##4.205.93':6992
'76.##8.245.191':50321
'85.##.218.207':6887
'21#.#4.149.120':6881
'62.##0.162.54':6881
'5.#.67.240':1910
'54.##9.131.199':6992
'83.##.16.176':8621
'37.##6.56.74':40793
'17#.#25.77.153':8999
'75.##6.182.50':6881
'5.###.163.200':51414
'31.##8.33.10':37790
'89.##2.51.143':36301
'81.##0.0.245':50413
'46.##7.94.164':63919
'89.##.79.102':53944
'5.###.188.23':6923
'95.##7.39.13':64878
'46.##5.4.137':49160
'20#.#4.49.90':10436
'68.##.241.90':60764
'17#.#49.4.137':62943
'17#.#13.196.137':6881
'37.##4.144.18':24874
'5.##.38.81':8621
'50.#4.90.24':51012
'82.##7.226.102':6881
'17#.#98.80.193':16314
'58.##3.126.66':11873
'62.##0.192.64':55131
'17#.9.45.8':57844
'93.##.245.64':6881
'11#.#95.161.220':40837
'5.#.71.240':51413
'22#.#90.26.51':16439
'85.##9.237.33':6881
'18#.#20.40.142':60819
'17#.#4.11.67':6882
'93.#0.20.82':6881
'82.##.147.215':27196
'17#.#08.241.60':8999
'5.###.104.164':51412
'18#.#3.85.35':6889
'23#.#55.255.250':1900
'82.##6.243.87':43611
'<LOCALNET>.73.1':5351
'ro####.bittorrent.com':6881
'15#.#0.41.113':57132
'94.##.107.36':40738
'ro####.utorrent.com':6881
'86.##.182.227':56790
'17#.#27.161.205':32345
'54.##.219.64':45275
'86.##.104.79':6881
'10#.#97.30.130':39100
'17#.#2.148.22':6881
'14.##7.184.102':6881
'5.##.93.112':6881
'14#.#.179.99':27257
'21#.#8.102.4':41994
'12#.#3.175.14':52952
'98.##8.37.35':50321
'11#.#9.150.39':54761
'13#.#8.55.209':6000
'92.##4.82.69':42997
'98.##2.148.146':10108
'19#.#67.222.70':6881
'11#.#9.43.202':16001
'11#.#00.40.142':13345
'12#.#3.16.240':43303
'10#.#72.77.201':6881
'19#.#7.64.17':6881
'2.##.238.89':20991
'46.##1.233.28':6881
'19#.13.62.6':6881
'10#.#18.154.24':9904
'41.##6.224.79':1500
'15#.#27.150.39':31321
'17#.#8.163.244':17001
'78.##7.150.39':6889
'17#.#3.208.240':6881
'17#.1.53.94':6881
'83.##.232.248':51414
'21#.#06.89.63':16729
'21#.#4.165.35':7687
'35.##5.88.87':6992
'80.##8.225.151':58598
'19#.#7.66.103':58704
'47.##5.97.58':45284
'10#.#0.131.209':59247
'14#.#29.172.7':6881
'78.#35.5.46':1027
'52.#.119.28':51413
'18#.#57.245.99':64314
'5.###.188.23':57896
'18#.#33.24.168':16600
'73.##1.241.133':6881
'21#.#49.51.164':53280
'15#.#4.128.160':63852
'19#.#88.105.153':6881
'79.##.65.104':35095
'86.##2.2.107':58485
'69.##7.156.250':6881
'11#.#24.68.188':48167
'17#.#55.5.46':20186
'10#.#09.13.153':43709
'45.#7.11.78':50321
'12#.#47.191.15':50994
'12#.#53.216.168':24023
'79.##.138.220':35232
'22#.#10.25.58':40690
'22#.#88.40.12':51413
'11#.#18.76.11':65418
'86.##7.11.164':27740
'46.##8.226.86':6881
'93.##2.125.255':58691
'17#.#34.123.40':50345
'49.#.45.37':6881
'10#.#74.115.117':6216
'47.##.124.237':42260
'75.#4.6.119':48034
'93.##.150.110':59945
'17#.#8.162.7':51413
'21#.#.51.164':22507
'16#.#77.186.122':33931
'77.##2.115.117':1338
'18#.#12.62.157':1027
'95.##9.77.153':3073
'15#.#04.132.188':38088
'12#.#28.160.82':54129
'54.##.174.84':6881
'98.##6.99.241':57617
'95.##1.198.166':1048
'18#.#85.145.252':59212
'31.##5.55.82':1025
'21#.#65.115.164':58867
'13#.#04.192.160':32214
'60.##5.117.99':1089
'58.##.162.86':3471
'95.##.198.119':44815
'95.##.193.227':33857
'14.#.30.236':54603
'93.##3.180.48':29905
'10#.#73.30.214':6881
'31.##.198.119':26165
'69.##.192.160':6881
'12#.#38.168.74':55020
'2.##.48.200':6881
'78.#5.4.137':4102
'21#.#21.187.110':25377
'11#.#35.123.10':1025
'11#.#32.12.225':9602
'11#.#2.122.67':16762
'95.##.243.146':55142
'23.##.13.153':50321
'47.#6.72.93':38484
'18#.#30.199.144':55604
'93.##0.183.164':16800
'91.##9.169.67':57052
'87.##6.190.157':25849
'94.##5.143.25':63930
'62.##.59.171':1030
'85.##9.75.78':57720
'35.##5.156.153':6881
'35.##6.48.52':6892
'14#.#72.126.152':10241
'76.##.133.27':29216
'18#.#3.118.31':26924
'68.##1.66.94':50321
'13#.#01.28.39':6881
'10#.#6.56.74':53049
'21#.#1.205.153':54312
'11#.#37.204.195':35885
'31.#.211.19':13883
'15#.#27.245.115':50321
'11#.#37.110.201':6881
'37.##.111.176':64906
'21#.43.1.50':47546
'37.##3.107.252':6881
'10#.#9.228.125':40206
'19#.#54.185.48':55151
'10#.#9.96.59':51413
'21#.#36.79.238':33454
'54.##.159.245':49358
'24.##.13.115':8999
'45.#7.11.78':50322
'19#.#54.136.92':55051
'2.##.70.79':49001
'5.###.184.82':64628
'11#.#0.219.38':5690
'21#.#7.120.172':13351
'95.##.249.216':19377
'95.##9.77.153':3075
'17#.#55.203.78':50321
'11#.#70.94.109':29488
'89.##9.204.180':8621
'10#.#93.63.229':8272
'21#.#1.249.50':43062
'12#.#1.121.50':49747
'61.##8.217.224':57069
'78.##.191.229':49138
'20#.#02.190.119':18553
'78.##2.169.74':22855

Другое

Ищет следующие окна

ClassName: 'SoShare4823DF041B09' WindowName: ''

Создает и запускает на исполнение

'%APPDATA%\soshare\soshare.exe' /STARTAPP /NOINSTALL /BRINGTOFRONT

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней