Trojan.Siggen28.41319

Техническая информация

Для обеспечения автозапуска и распространения

Модифицирует следующие ключи реестра

[HKLM\Software\Classes\gameassist\Shell\Open\Command] '' = '"D:\Program Files (x86)\GameAssistant\GameAssistant.exe" "%1"'
[HKCU\Software\Classes\apk_file\shell\open\command] '' = 'D:\Program Files (x86)\GameAssistant\GameAssistant.exe --open-apk --path="%1" --from=local'

Создает или изменяет следующие файлы

<SYSTEM32>\tasks\gameassistant

Изменения в файловой системе

Создает следующие файлы

%TEMP%\dnbdir\gameassistant_330100000_0_.exe
D:\program files (x86)\gameassistant\wd\libnda.dll
D:\program files (x86)\gameassistant\wd\chrmsafe.dat
D:\program files (x86)\gameassistant\wallpapercache\20240326172524\photo
D:\program files (x86)\gameassistant\wallpapercache\20240326172524\info.json
D:\program files (x86)\gameassistant\wallpapercache\20240326172522\photo
D:\program files (x86)\gameassistant\wallpapercache\20240326172522\info.json
D:\program files (x86)\gameassistant\wallpapercache\20240326172520\photo
D:\program files (x86)\gameassistant\wallpapercache\20240326172520\info.json
D:\program files (x86)\gameassistant\version.ini
D:\program files (x86)\gameassistant\updateignore.json
D:\program files (x86)\gameassistant\wd\libnda32.dll
D:\program files (x86)\gameassistant\update.exe
D:\program files (x86)\gameassistant\sehelper\sehook.dll
D:\program files (x86)\gameassistant\sehelper\sehelper64.exe
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\public\button\close.svg
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\popupwnd5.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\popupwnd4.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\popupwnd3.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\popupwnd2.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\popupwnd.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\layer.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\close.png
D:\program files (x86)\gameassistant\sehelper\sehook64.dll
D:\program files (x86)\gameassistant\wd\sesafepro.dll
D:\program files (x86)\gameassistant\wd\uniconft.dll
D:\program files (x86)\gameassistant\wd\uniconft64.dll
%TEMP%\aiwpsgxpwaacssak\nomoretip200.png
%TEMP%\aiwpsgxpwaacssak\nomoretip.png
%TEMP%\aiwpsgxpwaacssak\drop200.png
%TEMP%\aiwpsgxpwaacssak\drop.png
%TEMP%\aiwpsgxpwaacssak\conf.ini
%TEMP%\aiwpsgxpwaacssak\cls200.png
%TEMP%\aiwpsgxpwaacssak\cls.png
%TEMP%\aiwpsgxpwaacssak\bkg200.png
%TEMP%\aiwpsgxpwaacssak\bkg.png
%TEMP%\msinstaler.cab
%APPDATA%\corelog\urlproc.dll
%APPDATA%\corelog\urlproc.cab
D:\program files (x86)\gameassistant\sehelper\js.dat.write_cache
D:\program files (x86)\gameassistant\clean.dat.write_cache
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172524\photo
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172524\info.json
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172522\photo
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172522\info.json
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172520\photo
%APPDATA%\360gameassistant\wallpaper\screensaver\static\20240326172520\info.json
D:\program files (x86)\gameassistant\xdelta3.exe
D:\program files (x86)\gameassistant\wd\wdhpfilesafe.dll
D:\program files (x86)\gameassistant\wd\wd.ini
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\btn_2.png
%TEMP%\aiwpsgxpwaacssak\ok.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\btn_1.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\background.png
D:\gameassistant\logs\2024-04-30\2024-04-30-tray.log
%HOMEPATH%\desktop\手游助手.lnk
%APPDATA%\microsoft\windows\start menu\programs\gameassistant\卸载手游助手.lnk
%APPDATA%\microsoft\windows\start menu\programs\gameassistant\手游助手.lnk
D:\program files (x86)\gameassistant\web\web.zip
D:\program files (x86)\gameassistant\web\screensaver.zip
D:\program files (x86)\gameassistant\wallpaper.exe
D:\program files (x86)\gameassistant\uninst.exe
D:\program files (x86)\gameassistant\localserver.exe
D:\program files (x86)\gameassistant\kittip.dll
D:\gameassistant\logs\2024-04-30\2024-04-30-wallpapper.log
D:\program files (x86)\gameassistant\gameassistant.exe
D:\program files (x86)\gameassistant\dumpuper.exe
D:\program files (x86)\gameassistant\crashreport.dll
D:\program files (x86)\gameassistant\cacert.dat
D:\program files (x86)\gameassistant\7z.exe
D:\program files (x86)\gameassistant\7z.dll
D:\program files (x86)\gameassistant\360util.dll
D:\program files (x86)\gameassistant\360netbase.dll
D:\program files (x86)\gameassistant\360common.dll
D:\program files (x86)\gameassistant\360base.dll
<Текущая директория>\安装说明.txt
D:\program files (x86)\gameassistant\dumpuper.ini
D:\gameassistant\logs\2024-04-30\2024-04-30-launcher.log
D:\gameassistant\downloads\360se15.0.2040.0.exe
D:\gameassistant\downloads\gameassistantsetup.exe
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\arrow.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\ad.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\global.xml
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\start.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\ready.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\process.gif
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\ok.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\icon_close.svg
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\complete.gif
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\close.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\cancel.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\image\background.png
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\cleanwnd\cleanwnd.xml
D:\program files (x86)\gameassistant\res\clean\resources\lang\zh-cn\gdstrings.ini
D:\program files (x86)\gameassistant\res\associate\apk.ico
D:\program files (x86)\gameassistant\crashreport64.dll
D:\program files (x86)\gameassistant\config.ini
D:\program files (x86)\gameassistant\clean.exe
D:\program files (x86)\gameassistant\aapt.exe
D:\program files (x86)\gameassistant\360verify.dll
D:\program files (x86)\gameassistant\360netbase64.dll
D:\program files (x86)\gameassistant\360conf.dll
D:\program files (x86)\gameassistant\360base64.dll
D:\program files (x86)\gameassistant\res\clean\resources\themes\default\popupwnd\image\background2.png
%TEMP%\aiwpsgxpwaacssak\ok200.png

Удаляет следующие файлы

D:\program files (x86)\gameassistant\wallpapercache\20240326172520\info.json
D:\program files (x86)\gameassistant\wallpapercache\20240326172520\photo
D:\program files (x86)\gameassistant\wallpapercache\20240326172522\info.json
D:\program files (x86)\gameassistant\wallpapercache\20240326172522\photo
D:\program files (x86)\gameassistant\wallpapercache\20240326172524\info.json
D:\program files (x86)\gameassistant\wallpapercache\20240326172524\photo
D:\program files (x86)\gameassistant\clean.dat
D:\program files (x86)\gameassistant\sehelper\js.dat
%APPDATA%\corelog\urlproc.cab
%TEMP%\msinstaler.cab

Перемещает следующие файлы

D:\program files (x86)\gameassistant\clean.dat.write_cache в D:\program files (x86)\gameassistant\clean.dat
D:\program files (x86)\gameassistant\sehelper\js.dat.write_cache в D:\program files (x86)\gameassistant\sehelper\js.dat

Подменяет следующие файлы

D:\program files (x86)\gameassistant\clean.dat.write_cache
D:\program files (x86)\gameassistant\clean.dat
D:\program files (x86)\gameassistant\sehelper\js.dat.write_cache
D:\program files (x86)\gameassistant\sehelper\js.dat

Сетевая активность

Подключается к

'localhost':80
'do#####d.runjiapp.com':80
's.##0.cn':80
'si######r.mobilem.360.cn':443
'p.#.360.cn':443
'gr##.#afe.360.cn':80
'in#.#afe.360.cn':80
'do##.#60safe.com':443
'dl.##0safe.com':443
'da##.#pi.sj.360.cn':80
'sj##.##l.qihucdn.com':80
'qu##.f.360.cn':80

TCP

Запросы HTTP GET

http://do#####d.runjiapp.com/dtazq/da/cofig.7z
http://s.##0.cn/hips/update/inst.htm?m=##########################################################################################################################
http://s.##0.cn/hips/update/inst.htm?m=#######################################################################################################################
http://s.##0.cn/hips/update/inst.htm?m=#########################################################################################################################
http://gr##.#afe.360.cn/conf/item/info?m2########################################################################################################################################################...
http://in#.#afe.360.cn/wsin/think?ip#############################################################################################################################################################...
http://sj##.##l.qihucdn.com/GameAssistant/20240417-0855/GameAssistant_900100000_0_.exe
http://da##.#pi.sj.360.cn/data?ke################################################################################################################################################################...

Запросы HTTP POST

http://qu##.f.360.cn/wdinfo.php

Другие

'si######r.mobilem.360.cn':443
'p.#.360.cn':443
'do##.#60safe.com':443

UDP

DNS ASK ap#.##njiapp.com
DNS ASK do#####d.runjiapp.com
DNS ASK s.##0.cn
DNS ASK p.#.360.cn
DNS ASK si######r.mobilem.360.cn
DNS ASK gr##.#afe.360.cn
DNS ASK in#.#afe.360.cn
DNS ASK do##.#60safe.com
DNS ASK dl.##0safe.com
DNS ASK sj##.##l.qihucdn.com
DNS ASK da##.#pi.sj.360.cn
DNS ASK u.###l.f.360.cn
DNS ASK qu##.f.360.cn

Другое

Ищет следующие окна

ClassName: '360GameAssistantHost_Class' WindowName: ''
ClassName: '360GameAssistantTray_Class' WindowName: ''
ClassName: '360GameAssistantWallPaperDaemon_Class' WindowName: ''
ClassName: '360GameAssistantMainWnd_Class' WindowName: ''
ClassName: '360GameAssistantCefLoading_Class' WindowName: ''
ClassName: '360GameAssistantScreensaverWnd_Class' WindowName: ''
ClassName: '360GameAssistantToastWnd_Class' WindowName: ''
ClassName: '360GameAssistantCleanDaemon_Class' WindowName: ''

Создает и запускает на исполнение

'%TEMP%\dnbdir\gameassistant_330100000_0_.exe'
'D:\program files (x86)\gameassistant\gameassistant.exe' --tray --setup --from=setup --param=" --startup-id=0"
'D:\program files (x86)\gameassistant\gameassistant.exe' --from=--from=tray --startup-id=0
'D:\program files (x86)\gameassistant\wallpaper.exe'
'D:\program files (x86)\gameassistant\localserver.exe' --local-path=%APPDATA%\360GameAssistant\Wallpaper\Screensaver --outer-path=/resources --port=8081
'D:\gameassistant\downloads\gameassistantsetup.exe' --silent
'D:\program files (x86)\gameassistant\gameassistant.exe' --tray --setup --from=setup --silent --update --param=""
'D:\program files (x86)\gameassistant\clean.exe'
'D:\program files (x86)\gameassistant\localserver.exe' --local-path="%APPDATA%\360GameAssistant\Wallpaper\Screensaver" --outer-path=/resources --port=8081
'D:\program files (x86)\gameassistant\localserver.exe' --local-path=%APPDATA%\360GameAssistant\Wallpaper\Screensaver --outer-path=/resources --port=8081' (со скрытым окном)
'D:\gameassistant\downloads\gameassistantsetup.exe' --silent' (со скрытым окном)
'D:\program files (x86)\gameassistant\localserver.exe' --local-path="%APPDATA%\360GameAssistant\Wallpaper\Screensaver" --outer-path=/resources --port=8081' (со скрытым окном)

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней