Техническая информация
Вредоносные функции
Устанавливает процедуры перхвата сообщений
о нажатии клавиш клавиатуры:
- Библиотека-обработчик для всех процессов: <Текущая директория>\cfgdll.dll
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\19b4.tmp
- C:\aojian_game\antique_70_4_2.bmp
- C:\aojian_game\antique_70_4_3.bmp
- C:\aojian_game\antique_70_5_1.bmp
- C:\aojian_game\antique_70_5_2.bmp
- C:\aojian_game\antique_70_5_3.bmp
- C:\aojian_game\dan_jingyan.bmp
- C:\aojian_game\box_qiandao.bmp
- C:\aojian_game\man_yijingjin.bmp
- C:\aojian_game\pill_anqi.bmp
- C:\aojian_game\readme_360safe.gif
- C:\aojian_game\pill_yijing.bmp
- C:\aojian_game\man_chongqi.bmp
- C:\aojian_game\antique_70_3_3.bmp
- C:\aojian_game\antique_70_4_1.bmp
- C:\aojian_game\man_zhenlong.bmp
- C:\aojian_game\body_pill_2.bmp
- C:\aojian_game\body_pill_3.bmp
- C:\aojian_game\button_left_arrow_ft.bmp
- C:\aojian_game\button_right_arrow_ft.bmp
- C:\aojian_game\button_down_arrow_ft.bmp
- C:\aojian_game\button_down_arrow.bmp
- C:\aojian_game\button_left_arrow.bmp
- C:\aojian_game\button_right_arrow.bmp
- C:\aojian_game\select_ft.bmp
- C:\aojian_game\select.bmp
- C:\aojian_game\regdll.dll
- C:\aojian_game\dm.dll
- C:\aojian_game\body_pill_4.bmp
- C:\aojian_game\body_pill_1.bmp
- C:\aojian_game\aj_web.dll
- C:\aojian_game\font0_w7_ft.txt
- C:\aojian_game\antique_70_2_3.bmp
- C:\aojian_game\pill_rade4.bmp
- C:\aojian_game\pill_rade5.bmp
- C:\aojian_game\pill_rade6.bmp
- C:\aojian_game\pill_tuteng.bmp
- C:\aojian_game\pill_yangtian.bmp
- C:\aojian_game\stone_selizhi.bmp
- C:\aojian_game\antique_60_1_1.bmp
- C:\aojian_game\antique_60_1_2.bmp
- C:\aojian_game\antique_60_1_3.bmp
- C:\aojian_game\antique_60_2_1.bmp
- C:\aojian_game\antique_60_2_2.bmp
- C:\aojian_game\antique_70_3_1.bmp
- C:\aojian_game\pill_rade2.bmp
- C:\aojian_game\antique_70_3_2.bmp
- C:\aojian_game\antique_60_2_3.bmp
- C:\aojian_game\antique_60_4_1.bmp
- C:\aojian_game\antique_60_4_2.bmp
- C:\aojian_game\antique_60_4_3.bmp
- C:\aojian_game\antique_60_5_1.bmp
- C:\aojian_game\antique_60_5_2.bmp
- C:\aojian_game\antique_60_5_3.bmp
- C:\aojian_game\antique_70_1_1.bmp
- C:\aojian_game\antique_70_1_2.bmp
- C:\aojian_game\antique_70_1_3.bmp
- C:\aojian_game\antique_70_2_1.bmp
- C:\aojian_game\antique_70_2_2.bmp
- C:\aojian_game\antique_60_3_1.bmp
- C:\aojian_game\antique_60_3_2.bmp
- C:\aojian_game\antique_60_3_3.bmp
- C:\aojian_game\gem12.bmp
- C:\aojian_game\font2_w7_jt.txt
- C:\aojian_game\book_huichen.bmp
- C:\aojian_game\book_wuxue_putong.bmp
- C:\aojian_game\pill_huitidan.bmp
- C:\aojian_game\pill_jufadan.bmp
- C:\aojian_game\pill_xumingdan.bmp
- C:\aojian_game\rose_red.bmp
- C:\aojian_game\lock.bmp
- C:\aojian_game\trade.bmp
- C:\aojian_game\body_up1.bmp
- C:\aojian_game\body_up2.bmp
- C:\aojian_game\body_up3.bmp
- C:\aojian_game\body_up4.bmp
- C:\aojian_game\baozu_shenming.bmp
- C:\aojian_game\body_up5.bmp
- C:\aojian_game\book_wuxue_bangpai.bmp
- C:\aojian_game\body_up7.bmp
- C:\aojian_game\fruit1.bmp
- C:\aojian_game\fruit2.bmp
- C:\aojian_game\fruit3.bmp
- C:\aojian_game\man_shangsan.bmp
- C:\aojian_game\man_zhenglongtongren.bmp
- C:\aojian_game\rose1.bmp
- C:\aojian_game\rose2.bmp
- C:\aojian_game\rose3.bmp
- C:\aojian_game\rose4.bmp
- C:\aojian_game\rose5.bmp
- C:\aojian_game\stone_jinggang.bmp
- C:\aojian_game\body_up6.bmp
- C:\aojian_game\baozu_sanbi.bmp
- C:\aojian_game\body_up8.bmp
- C:\aojian_game\baozu_gongshu.bmp
- C:\aojian_game\baozu_gongji.bmp
- C:\aojian_game\font1_w7_jt.txt
- C:\aojian_game\font2_jt.txt
- C:\aojian_game\font2_w7_ft.txt
- C:\aojian_game\warn.mp3
- C:\aojian_game\font1_w7_ft.txt
- C:\aojian_game\font1_ft.txt
- C:\aojian_game\font1_w7_ft_2.txt
- C:\aojian_game\font1_w7_jt_2.txt
- C:\aojian_game\man_chuangguanlingpai.bmp
- C:\aojian_game\man_feilongmiji.bmp
- C:\aojian_game\man_huolongdan.bmp
- C:\aojian_game\man_hutishendan.bmp
- C:\aojian_game\man_jinzhongzaomijuan.bmp
- C:\aojian_game\man_qimenzhenfa.bmp
- C:\aojian_game\font2_ft.txt
- C:\aojian_game\man_shenzhaojingcaoben.bmp
- C:\aojian_game\man_taixuanmiji.bmp
- C:\aojian_game\man_taixugujuan.bmp
- C:\aojian_game\man_xianglongmiji.bmp
- C:\aojian_game\man_yuanqidan.bmp
- C:\aojian_game\man_zixiamiji.bmp
- C:\aojian_game\man_6maixuandan.bmp
- C:\aojian_game\man_7shangquanpu.bmp
- C:\aojian_game\man_9yinmiji.bmp
- C:\aojian_game\man_bagudan.bmp
- C:\aojian_game\man_beimingxinfa.bmp
- C:\aojian_game\baozu_baoji.bmp
- C:\aojian_game\baozu_fangyu.bmp
- C:\aojian_game\pill_rade1.bmp
- C:\aojian_game\man_shenzhaotishudan.bmp
- C:\aojian_game\pill_rade3.bmp
- C:\aojian_game\pill_dantian.bmp
- C:\aojian_game\pill_bow2.bmp
- C:\aojian_game\pill_bow1.bmp
- C:\aojian_game\captain_wry_ft.bmp
- C:\aojian_game\flash_play.bmp
- C:\aojian_game\font0_ft.txt
- C:\aojian_game\font0_jt.txt
- C:\aojian_game\font0_w7_jt.txt
- C:\aojian_game\rade_fight.bmp
- C:\aojian_game\rade_rade.bmp
- C:\aojian_game\readme_360.gif
- C:\aojian_game\readme_skill.gif
- C:\aojian_game\skill_7.bmp
- C:\aojian_game\skill_7_b.bmp
- C:\aojian_game\captain.bmp
- C:\aojian_game\buff_vip_ft.bmp
- C:\aojian_game\captain_wry.bmp
- C:\aojian_game\skill_8.bmp
- C:\aojian_game\skill_re_blood.bmp
- C:\aojian_game\skill_re_magic.bmp
- C:\aojian_game\teacher.bmp
- C:\aojian_game\skill_magic.bmp
- C:\aojian_game\skill_magic_ft.bmp
- C:\aojian_game\skill_ft.bmp
- C:\aojian_game\skill.bmp
- C:\aojian_game\book_man_1.bmp
- C:\aojian_game\book_man_2.bmp
- C:\aojian_game\book_rade_1.bmp
- C:\aojian_game\book_rade_2.bmp
- C:\aojian_game\skill_8_b.bmp
- C:\aojian_game\skill_can_be_update.bmp
- C:\aojian_game\skill_poison.bmp
- C:\aojian_game\button_hide_player.bmp
- C:\aojian_game\buff_vip.bmp
- C:\aojian_game\box_wansou.bmp
- %TEMP%\plugin.zip
- <Текущая директория>\plugin\window.dll
- <Текущая директория>\plugin\regdll.dll
- <Текущая директория>\plugin\file.dll
- <Текущая директория>\plugin\sys.dll
- %TEMP%\mymacro.zip
- <Текущая директория>\cfgdll.dll
- <Текущая директория>\shieldmodule.dat
- %APPDATA%\mymacro\qdisp.dll
- %TEMP%\1bb2186.tmp
- %TEMP%\1bb21d5.tmp
- %APPDATA%\qmacro\ocx\1bb6d027-43c2-48ae-93dc-906ca3b713f0\setupocxfile
- %APPDATA%\qmacro\shield\sd000.dat
- %TEMP%\19b5.tmp
- %APPDATA%\qmacro\shield\sd001.dat
- %APPDATA%\qmacro\shield\sd003.dat
- %APPDATA%\qmacro\shield\sd004.dat
- %APPDATA%\qmacro\shield\shield.ini
- <PATH_SAMPLE>.ini
- C:\aojian_game\bracket.bmp
- C:\aojian_game\bracket_w7.bmp
- C:\aojian_game\buff_100.bmp
- C:\aojian_game\buff_200.bmp
- C:\aojian_game\buff_300.bmp
- C:\aojian_game\buff_400.bmp
- C:\aojian_game\buff_500.bmp
- C:\aojian_game\buff_600.bmp
- C:\aojian_game\buff_700.bmp
- %APPDATA%\qmacro\shield\sd002.dat
- C:\aojian_game\stone_jinglian.bmp
- C:\aojian_game\font1_jt.txt
- C:\aojian_game\gem11.bmp
- C:\aojian_game\gem15.bmp
- C:\aojian_game\box1.bmp
- C:\aojian_game\box2.bmp
- C:\aojian_game\box3.bmp
- C:\aojian_game\arrow_11.bmp
- C:\aojian_game\arrow_12.bmp
- C:\aojian_game\arrow_13.bmp
- C:\aojian_game\arrow_14.bmp
- C:\aojian_game\arrow_15.bmp
- C:\aojian_game\arrow_16.bmp
- C:\aojian_game\arrow_21.bmp
- C:\aojian_game\arrow_22.bmp
- C:\aojian_game\stone_xuanjingshi.bmp
- C:\aojian_game\arrow_23.bmp
- C:\aojian_game\bag.bmp
- C:\aojian_game\arrow_25.bmp
- C:\aojian_game\book1.bmp
- C:\aojian_game\book2.bmp
- C:\aojian_game\book3.bmp
- C:\aojian_game\book4.bmp
- C:\aojian_game\book5.bmp
- C:\aojian_game\book6.bmp
- C:\aojian_game\book7.bmp
- C:\aojian_game\book8.bmp
- C:\aojian_game\box_huyi.bmp
- C:\aojian_game\pill_bagua.bmp
- C:\aojian_game\pill_body.bmp
- C:\aojian_game\arrow_24.bmp
- C:\aojian_game\captain_ft.bmp
- C:\aojian_game\arrow_26.bmp
- C:\aojian_game\stone_yangtianshi.bmp
- C:\aojian_game\stone_xingyunjing.bmp
- C:\aojian_game\stone_xilianshi.bmp
- C:\aojian_game\gem16.bmp
- C:\aojian_game\gem21.bmp
- C:\aojian_game\gem22.bmp
- C:\aojian_game\gem23.bmp
- C:\aojian_game\gem24.bmp
- C:\aojian_game\gem25.bmp
- C:\aojian_game\gem26.bmp
- C:\aojian_game\man_anqishi.bmp
- C:\aojian_game\man_bilingdan.bmp
- C:\aojian_game\man_changjing.bmp
- C:\aojian_game\man_dongxiao.bmp
- C:\aojian_game\man_hunyuandan.bmp
- C:\aojian_game\gem14.bmp
- C:\aojian_game\man_jingmai.bmp
- C:\aojian_game\man_longsoujin.bmp
- C:\aojian_game\man_longzu.bmp
- C:\aojian_game\man_muba.bmp
- C:\aojian_game\man_putidan.bmp
- C:\aojian_game\man_xishuidan.bmp
- C:\aojian_game\other_fubenling.bmp
- C:\aojian_game\other_kuozanfu.bmp
- C:\aojian_game\pill_lianzhandan.bmp
- C:\aojian_game\pill_zhenqidan.bmp
- C:\aojian_game\pill_zhuoqidan.bmp
- C:\aojian_game\rade_jinjiefu.bmp
- C:\aojian_game\rade_liangudan.bmp
- C:\aojian_game\rade_zhizhidan.bmp
- C:\aojian_game\man_julingzu.bmp
- C:\aojian_game\stone_shenjieshi.bmp
- C:\aojian_game\gem13.bmp
- C:\aojian_game\tie_ding.bmp
Удаляет следующие файлы
- %TEMP%\plugin.zip
- %TEMP%\mymacro.zip
- <Текущая директория>\shieldmodule.dat
Перемещает следующие файлы
- %APPDATA%\qmacro\ocx\1bb6d027-43c2-48ae-93dc-906ca3b713f0\setupocxfile в %APPDATA%\qmacro\ocx\1bb6d027-43c2-48ae-93dc-906ca3b713f0\qmacroui 20130519.ocx
Сетевая активность
UDP
- DNS ASK c.###huoa.com
