Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\Ares.Playlist\Shell\Open\Command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%1"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ares' = '"%PROGRAM_FILES%\Ares\Ares.exe" -h'
- [<HKLM>\SOFTWARE\Classes\magnet\shell\open\command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%L"'
- [<HKLM>\SOFTWARE\Classes\Ares.Torrent\shell\open\command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\Ares.Arlnk\shell\open\command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%L"'
- [<HKLM>\SOFTWARE\Classes\Arlnk\shell\open\command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%L"'
- [<HKLM>\SOFTWARE\Classes\Ares.CollectionList\shell\open\command] '' = '"%PROGRAM_FILES%\Ares\Ares.exe" "%1"'
Вредоносные функции:
Создает и запускает на исполнение:
- %PROGRAM_FILES%\Ares\Ares.exe
- %TEMP%\RarSFX0\aresregular216_installer.exe /S
Запускает на исполнение:
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\Ares\MP3Source.ax"
- <SYSTEM32>\regsvr32.exe /s "%PROGRAM_FILES%\Ares\AsyncEx.ax"
- <SYSTEM32>\cmd.exe /c ""%TEMP%\RarSFX0\Setup.Bat" "
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\transfer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Esmeralda\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\transfer.bmp
- %PROGRAM_FILES%\Ares\Ares.exe
- %PROGRAM_FILES%\Ares\data\GUI\Win7\transfer.bmp
- %PROGRAM_FILES%\Ares\chatServer.exe
- %PROGRAM_FILES%\Ares\MP3Source.ax
- %PROGRAM_FILES%\Ares\AsyncEx.ax
- %PROGRAM_FILES%\Ares\data\GUI\Win7\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\tabssmall.bmp
- %PROGRAM_FILES%\Ares\bass.dll
- %PROGRAM_FILES%\Ares\Uninstall.exe
- %HOMEPATH%\Desktop\Ares.lnk
- <LS_APPDATA>\Ares\Data\ShareL.dat
- <LS_APPDATA>\Ares\Data\SNodes.dat
- <LS_APPDATA>\Ares\Data\ShareH.dat
- %HOMEPATH%\Start Menu\Programs\Ares\Ares.lnk
- %PROGRAM_FILES%\Ares\libfaad2.dll
- %HOMEPATH%\Start Menu\Programs\Ares\Host Chatroom.lnk
- %HOMEPATH%\Start Menu\Programs\Ares\Homepage.lnk
- %HOMEPATH%\Start Menu\Programs\Ares\Uninstall.lnk
- %PROGRAM_FILES%\Ares\data\GUI\Mac\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\transfer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\Mac\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Mac\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\Win7\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Win7\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\Homepage.url
- %PROGRAM_FILES%\Ares\data\SNodes.dat
- %PROGRAM_FILES%\Ares\data\flvplayer.swf
- %PROGRAM_FILES%\Ares\data\motd.txt
- %PROGRAM_FILES%\Ares\data\ChatroomIPs.dat
- %PROGRAM_FILES%\Ares\data\ChanListFilter.txt
- %PROGRAM_FILES%\Ares\data\Blocked.txt.sample
- %PROGRAM_FILES%\Ares\data\ChatLang_en.txt
- %PROGRAM_FILES%\Ares\data\P2PFilter.txt
- %PROGRAM_FILES%\Ares\data\ChatLang_es.txt
- %PROGRAM_FILES%\Ares\data\no-avatar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\libbig.bmp
- %PROGRAM_FILES%\Ares\lang\Dutch.txt
- %PROGRAM_FILES%\Ares\lang\Danish.txt
- %PROGRAM_FILES%\Ares\lang\Finnish.txt
- %PROGRAM_FILES%\Ares\lang\German.txt
- %PROGRAM_FILES%\Ares\lang\French.txt
- %TEMP%\RarSFX0\aresregular216_installer.exe
- %TEMP%\RarSFX0\setup.bat
- %PROGRAM_FILES%\Ares\lang\Arabic.txt
- %PROGRAM_FILES%\Ares\lang\Czech.txt
- %PROGRAM_FILES%\Ares\lang\Chinese.txt
- %PROGRAM_FILES%\Ares\lang\Japanese.txt
- %PROGRAM_FILES%\Ares\lang\Swedish.txt
- %PROGRAM_FILES%\Ares\lang\Spanish.txt
- %PROGRAM_FILES%\Ares\lang\Turkish.txt
- %PROGRAM_FILES%\Ares\data\Blocked_Keywords.txt
- %PROGRAM_FILES%\Ares\lang\Russian.txt
- %PROGRAM_FILES%\Ares\lang\Kirghiz.txt
- %PROGRAM_FILES%\Ares\lang\Italian.txt
- %PROGRAM_FILES%\Ares\lang\Polish.txt
- %PROGRAM_FILES%\Ares\lang\Slovak.txt
- %PROGRAM_FILES%\Ares\lang\Portuguese.txt
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\mainbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\listviewbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\mplayer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\transfer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\buttonsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Borravino\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\Bloody\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\trackbar.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\transfer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\emotic.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\chat.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\prefs.txt
- %PROGRAM_FILES%\Ares\data\GUI\General\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\tabsBitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\General\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\libbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\smalltabsbitmap.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\searchstars.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\tabsbig.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\transfer.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\tabssmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\mimesmall.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\logo.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\mshareset.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\searchpnl.bmp
- %PROGRAM_FILES%\Ares\data\GUI\OsThemes\prefs.txt
Удаляет следующие файлы:
- %PROGRAM_FILES%\Ares\data\SNodes.dat
- %TEMP%\RarSFX0\setup.bat
- %TEMP%\RarSFX0\aresregular216_installer.exe
Сетевая активность:
Подключается к:
- '62.##.92.108':33195
- '67.##5.247.170':53091
- '67.##4.253.130':56655
- '18#.#8.182.141':23158
- '66.##6.129.134':29828
- '80.##.93.139':35826
- '19#.#04.54.206':32268
- '91.##7.63.109':47192
UDP:
- '19#.#06.58.162':64501
- '19#.#27.119.23':15367
- '92.##.145.174':4085
- '12#.#23.55.151':63445
- '19#.#1.108.98':53162
- '67.##5.95.190':6855
- '24.##5.145.169':5000
- '20#.#60.222.119':50000
- '20#.#9.250.20':6470
- '24.##3.207.173':10000
- '18#.#5.112.236':2009
- '94.##.163.232':21175
- '19#.#7.254.10':62555
- '98.##0.66.142':64973
- '19#.#79.11.6':9015
- '19#.#20.111.34':22532
- '20#.#6.229.197':20251
- '19#.#77.200.197':5000
- '75.##.151.141':17115
- '18#.#0.226.166':32268
- '19#.#99.8.97':15987
- '19#.#90.63.191':47845
- '68.#.83.82':5000
- '20#.#3.26.103':51000
- '18#.#50.1.80':5000
- '19#.#54.115.202':54157
- '84.##6.110.17':6990
- '71.#.119.33':54321
- '19#.#2.93.172':59738
- '19#.#8.231.39':58779
- '19#.#8.80.141':22222
- '60.##2.211.117':47844
- '20#.#04.40.61':5000
- '24.#3.26.18':4935
- '88.#.179.63':12500
- '18#.#8.192.187':5000
- '80.##.246.37':50000
- '20#.#72.169.150':49741
- '20#.#42.188.104':1889
- '19#.#93.140.176':11310
- '20#.#9.101.21':5000
- '97.#0.98.41':18053
- '69.##6.71.73':24120
- '18#.#50.111.23':7000
- '19#.#00.113.185':5000
- '98.##.13.144':5300
- '21#.#14.176.95':33733
- '19#.#73.86.140':5000
- '77.#6.16.84':23094
- '18#.#71.206.188':12345
- '21#.#25.195.99':5000
- '19#.#89.223.104':5000
- '18#.#75.25.74':5000
- '19#.#9.63.44':5000
- '98.##4.93.92':46104
- '82.##8.45.69':3694
- '91.##.113.83':49588
- '94.##3.155.162':11520
- '19#.#04.146.251':26598
- '19#.#7.205.170':32361
- '19#.#.229.101':47732
- '79.##8.56.52':51770
- '74.##.143.83':1234
- '21#.#31.72.204':19007
- '19#.#56.55.11':7597
- '17#.#.64.147':44676
- '94.##.101.131':44507
- '19#.#6.7.173':5000
- '83.#4.236.5':19282
- '12#.#09.156.252':9627
- '19#.#03.250.199':48067
- '95.#7.24.16':3000
- '19#.#0.159.192':5001
- '24.##4.226.114':23847
- '86.#.2.192':14693
- '18#.#9.23.146':53073
- '19#.#0.230.113':57069
- '19#.#05.29.91':18699
- '84.##2.94.98':8413
Другое:
Ищет следующие окна:
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'Tares_frmmain.UnicodeClass' WindowName: ''
- ClassName: 'TAppBuilder' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'Tfrmmain.UnicodeClass' WindowName: ''
- ClassName: 'Tform1.UnicodeClass' WindowName: ''
