Trojan.DownLoader9.56387

Техническая информация

Для обеспечения автозапуска и распространения:

Создает следующие сервисы:

[<HKLM>\SYSTEM\ControlSet001\Services\MSWindows] 'Start' = '00000002'

Вредоносные функции:

Создает и запускает на исполнение:

'<SYSTEM32>\urdvxc.exe' /uninstallservice patch:<Полный путь к вирусу>
'<SYSTEM32>\urdvxc.exe' /service
'<SYSTEM32>\urdvxc.exe' /installservice
'<SYSTEM32>\urdvxc.exe' /start

Запускает на исполнение:

'<SYSTEM32>\svchost.exe' -k netsvcs
'<SYSTEM32>\dumprep.exe' 1132 -dm 7 7 %TEMP%\WER5949.dir00\svchost.exe.mdmp 16325836412032760

Изменения в файловой системе:

Создает следующие файлы:

%CommonProgramFiles%\Microsoft Shared\Stationery\ehbebsrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\brvrjrke.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\njbsvtll.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bnbtzwxt.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\nsqjttkv.exe
%CommonProgramFiles%\System\ado\tsektjkj.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\sjwzlskk.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\res\lhbtcvlt.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\hltjtlne.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\jjjthqtn.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\ketssrzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
<SYSTEM32>\urdvxc.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bzqlkhrh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\tlcwjrwt.exe
%TEMP%\WER5949.dir00\svchost.exe.mdmp
%CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\elwtjnbj.exe

Самоудаляется.

Сетевая активность:

Подключается к:

'87.##2.253.147':445
'87.##2.123.211':445
'87.##2.101.215':445
'87.##2.165.167':445
'87.##2.120.111':445
'87.##2.35.71':445
'87.##2.31.188':445
'87.##2.91.253':445
'87.##2.18.101':445
'87.##2.67.24':445
'87.##2.122.11':445
'87.##2.43.19':445
'87.##2.39.59':445
'87.##2.145.124':445
'87.##2.39.10':445
'87.##2.135.119':445
'87.##2.25.98':445
'87.##2.66.154':445
'87.##2.175.110':445
'87.##2.40.104':445
'87.##2.23.137':445
'87.##2.171.39':445
'87.##2.189.32':445
'87.##2.233.25':445
'87.##2.28.150':445
'87.##2.172.105':445
'87.##2.57.73':445
'87.##2.196.215':445
'87.##2.52.233':445
'87.##2.27.53':445
'87.##2.249.105':445
'87.##2.3.157':445
'87.##2.79.143':445
'87.##2.84.136':445
'87.##2.115.184':445
'87.##2.46.208':445
'87.##2.170.39':445
'87.##2.121.21':445
'87.##2.157.114':445
'87.##2.22.95':445
'87.##2.133.176':445
'87.##2.15.202':445
'87.##2.14.160':445
'87.##2.102.101':445
'87.##2.197.52':445
'87.##2.56.41':445
'87.##2.251.127':445
'87.##2.225.13':445
'87.##2.248.224':445
'87.##2.44.230':445
'87.##2.190.92':445
'87.##2.60.79':445
'87.##2.127.239':445
'87.##2.254.107':445
'87.##2.154.244':445
'87.##2.160.89':445
'87.##2.193.127':445
'87.##2.80.246':445
'87.##2.205.0':445
'87.##2.2.109':445
'87.#82.7.48':445
'87.##2.28.211':445
'87.##2.40.23':445
'87.##2.115.184':139
'87.##2.3.157':139
'87.##2.240.120':139
'87.##2.170.39':139
'87.##2.99.120':139
'87.##2.82.181':139
'87.##2.121.21':139
'87.##2.199.243':139
'87.##2.79.143':139
'87.##2.102.101':139
'87.##2.54.167':139
'87.##2.84.136':139
'87.##2.157.114':139
'87.##2.99.219':139
'87.##2.55.79':139
'87.##2.168.251':139
'87.##2.11.35':139
'87.##2.205.0':139
'87.##2.42.236':139
'87.##2.232.149':139
'87.##2.236.83':139
'87.##2.28.211':139
'87.##2.88.184':139
'87.##2.160.89':139
'87.##2.46.208':139
'87.##2.33.250':139
'87.##2.251.127':139
'87.##2.106.246':139
'87.##2.83.242':139
'87.##2.193.127':139
'87.##2.80.246':139
'87.##2.79.171':445
'87.##2.81.119':445
'87.##2.54.167':445
'87.##2.88.184':445
'87.##2.154.210':445
'87.##2.49.171':445
'87.##2.199.1':445
'87.##2.76.148':445
'87.##2.19.223':445
'87.##2.41.25':445
'87.##2.236.202':445
'87.##2.48.128':445
'87.##2.88.109':445
'87.##2.239.199':445
'87.##2.223.130':445
'87.##2.52.34':445
'87.##2.200.162':139
'87.##2.87.93':139
'87.##2.17.245':139
'87.##2.14.160':139
'87.##2.126.47':139
'87.##2.131.137':139
'87.##2.197.52':139
'87.##2.129.196':445
'87.##2.180.118':445
'87.#82.8.26':445
'87.##2.130.169':445
'87.##2.220.143':445
'87.##2.120.84':139
'87.##2.196.4':445
'87.##2.96.204':445
'87.##2.22.157':445
'87.#82.35.0':139
'87.##2.45.63':139
'87.##2.97.69':445
'87.##2.209.146':139
'87.#82.4.47':139
'87.##2.79.146':139
'87.##2.77.165':139
'87.##2.17.110':445
'87.##2.141.144':139
'87.##2.64.31':139
'87.##2.41.245':445
'87.##2.144.254':139
'87.##2.21.189':139
'87.##2.182.217':139
'87.##2.82.58':139
'87.##2.117.74':139
'87.##2.229.6':139
'87.##2.7.115':139
'87.##2.112.102':139
'87.##2.175.83':139
'87.##2.41.245':139
'87.##2.147.92':139
'87.##2.171.227':139
'87.##2.140.167':139
'87.##2.219.30':139
'87.##2.57.22':139
'87.##2.64.23':139
'87.#82.60.1':139
'87.##2.24.212':139
'87.##2.214.21':139
'87.##2.0.243':139
'87.##2.193.168':445
'87.##2.245.177':445
'87.##2.178.26':445
'87.##2.1.185':445
'87.##2.10.119':445
'87.##2.59.235':445
'87.##2.121.199':445
'87.##2.147.92':445
'87.##2.112.102':445
'87.##2.24.212':445
'87.##2.214.21':445
'87.##2.7.115':445
'87.##2.171.227':445
'87.##2.175.83':445
'87.##2.229.6':445
'87.##2.85.12':445
'87.##2.41.103':139
'87.##2.86.206':139
'87.##2.200.228':139
'87.##2.174.162':139
'87.##2.207.63':139
'87.##2.191.6':139
'87.##2.13.251':139
'87.##2.31.66':139
'87.##2.224.23':139
'87.##2.83.211':139
'87.##2.140.167':445
'87.##2.115.51':139
'87.##2.5.124':139
'87.##2.208.30':139
'87.##2.70.207':139
'87.##2.245.177':139
'87.##2.43.116':445
'87.##2.94.155':445
'87.##2.65.65':445
'87.#82.9.2':445
'87.##2.52.198':445
'87.##2.79.151':445
'87.##2.61.212':445
'87.##2.210.154':445
'87.##2.70.58':445
'87.##2.64.200':445
'87.##2.195.135':445
'87.##2.207.113':445
'87.##2.25.225':445
'87.##2.79.158':445
'87.##2.84.200':445
'87.##2.200.162':445
'87.##2.163.178':445
'87.##2.3.192':445
'87.##2.110.254':445
'87.##2.156.164':445
'87.##2.89.208':445
'87.##2.210.81':445
'87.##2.155.51':445
'87.##2.218.222':445
'87.##2.99.120':445
'87.##2.168.251':445
'87.##2.126.47':445
'87.##2.42.236':445
'87.##2.94.102':445
'87.##2.147.76':445
'87.##2.211.9':445
'87.##2.120.84':445
'87.##2.22.78':445
'87.##2.85.12':139
'87.##2.173.222':445
'87.##2.236.83':445
'87.##2.181.100':445
'87.##2.103.30':445
'87.##2.10.119':139
'87.##2.17.110':139
'87.##2.193.168':139
'87.##2.178.26':139
'87.##2.1.185':139
'87.##2.59.235':139
'87.##2.121.199':139
'87.##2.97.69':139
'87.##2.11.254':445
'87.##2.83.242':445
'87.##2.82.181':445
'87.##2.33.250':445
'87.##2.200.195':445
'87.##2.113.111':445
'87.##2.232.149':445
'87.##2.106.246':445
'87.##2.99.219':445
'87.##2.17.245':445
'87.##2.26.124':445
'87.##2.254.252':445
'87.##2.87.93':445
'87.##2.11.35':445
'87.##2.131.137':445
'87.##2.55.79':445
'87.##2.113.111':139
'87.##2.119.30':445
'87.#82.6.60':445
'87.##2.118.76':445
'87.##2.64.211':445
'87.##2.16.46':445
'87.##2.126.103':445
'87.##2.33.204':445
'87.##2.30.64':445
'87.##2.206.194':445
'87.##2.0.194':445
'87.##2.20.95':445
'87.##2.119.121':445
'87.##2.214.29':445
'87.##2.54.224':445
'87.##2.121.172':445
'87.##2.109.181':445
'87.##2.71.206':445
'87.##2.94.177':445
'87.##2.130.122':445
'87.##2.205.197':445
'87.##2.195.154':445
'87.##2.2.173':445
'87.##2.252.126':445
'87.##2.174.128':445
'87.##2.244.124':445
'87.##2.21.244':445
'87.##2.135.245':445
'87.##2.25.156':445
'87.##2.51.35':445
'87.##2.235.64':445
'87.##2.229.202':445
'87.##2.109.181':9988
'87.##2.119.30':9988
'87.##2.252.126':9988
'87.##2.54.224':9988
'87.##2.195.154':9988
'87.##2.240.244':9988
'87.##2.180.201':9988
'87.##2.35.142':9988
'87.#82.6.60':9988
'87.##2.119.121':9988
'87.##2.126.103':9988
'87.##2.61.29':9988
'87.##2.20.228':9988
'87.##2.33.204':9988
'87.##2.16.46':9988
'87.##2.118.115':9988
'87.##2.248.56':445
'87.##2.197.198':445
'87.##2.22.198':445
'87.##2.153.77':445
'87.##2.30.233':445
'87.##2.35.142':445
'87.##2.242.67':445
'87.##2.138.120':445
'87.##2.71.206':9988
'87.##2.206.194':9988
'87.##2.118.76':9988
'87.##2.94.177':9988
'87.##2.108.81':9988
'87.##2.222.37':9988
'87.##2.244.124':9988
'87.##2.230.58':445
'87.##2.51.35':139
'87.##2.235.64':139
'87.##2.229.202':139
'87.##2.174.128':139
'87.##2.71.206':139
'87.##2.94.177':139
'87.##2.130.122':139
'87.##2.25.156':139
'87.##2.16.46':139
'87.##2.126.103':139
'87.##2.33.204':139
'87.##2.109.181':139
'87.##2.244.124':139
'87.##2.21.244':139
'87.##2.135.245':139
'87.##2.205.197':139
'87.##2.108.81':139
'87.##2.245.108':139
'87.##2.28.245':139
'87.##2.223.226':139
'87.##2.222.37':139
'87.##2.240.244':139
'87.##2.118.115':139
'87.##2.61.29':139
'87.##2.195.154':139
'87.##2.2.173':139
'87.##2.252.126':139
'87.##2.230.58':139
'87.##2.20.228':139
'87.##2.201.99':139
'87.##2.180.201':139
'87.##2.240.244':445
'87.##2.118.115':445
'87.##2.223.226':445
'87.##2.138.120':139
'87.##2.248.56':139
'87.##2.197.198':139
'87.##2.22.198':139
'87.##2.222.37':445
'87.##2.180.201':445
'87.##2.201.99':445
'87.##2.20.228':445
'87.##2.61.29':445
'87.##2.108.81':445
'87.##2.245.108':445
'87.##2.28.245':445
'87.##2.153.77':139
'87.##2.30.64':139
'87.##2.214.29':139
'87.##2.54.224':139
'87.##2.118.76':139
'87.##2.119.30':139
'87.##2.64.211':139
'87.#82.6.60':139
'87.##2.121.172':139
'87.##2.30.233':139
'87.##2.35.142':139
'87.##2.242.67':139
'87.##2.20.95':139
'87.##2.119.121':139
'87.##2.206.194':139
'87.##2.0.194':139
'87.##2.138.120':9988
'87.##2.154.210':139
'87.##2.44.230':139
'87.##2.43.116':139
'87.##2.49.171':139
'87.##2.66.95':139
'87.##2.130.169':139
'87.#82.8.26':139
'87.##2.22.157':139
'87.##2.26.124':139
'87.##2.15.202':139
'87.##2.2.109':139
'87.##2.133.176':139
'87.##2.52.34':139
'87.##2.154.244':139
'87.##2.22.95':139
'87.##2.79.151':139
'87.##2.60.79':139
'87.##2.127.239':139
'87.##2.254.107':139
'87.##2.67.24':139
'87.##2.43.19':139
'87.##2.122.11':139
'87.##2.18.101':139
'87.##2.190.92':139
'87.##2.180.118':139
'87.##2.181.100':139
'87.##2.103.30':139
'87.##2.11.254':139
'87.##2.225.13':139
'87.##2.248.224':139
'87.##2.254.252':139
'87.##2.25.225':139
'87.##2.207.113':139
'87.##2.210.154':139
'87.##2.52.198':139
'87.##2.163.178':139
'87.##2.199.1':139
'87.##2.147.76':139
'87.##2.84.200':139
'87.##2.195.135':139
'87.##2.211.9':139
'87.##2.173.222':139
'87.##2.64.200':139
'87.##2.70.58':139
'87.##2.229.180':139
'87.##2.200.195':139
'87.##2.94.155':139
'87.##2.22.78':139
'87.##2.156.164':139
'87.#82.7.48':139
'87.##2.79.158':139
'87.##2.56.41':139
'87.##2.218.222':139
'87.##2.3.192':139
'87.#82.9.2':139
'87.##2.110.254':139
'87.##2.210.81':139
'87.##2.155.51':139
'87.##2.94.102':139
'87.##2.61.212':139
'87.##2.89.208':139
'87.##2.65.65':139
'87.##2.39.10':139
'87.##2.0.194':9988
'87.##2.174.128':9988
'87.##2.197.198':9988
'87.##2.248.56':9988
'87.##2.229.202':9988
'87.##2.245.108':9988
'87.##2.201.99':9988
'87.##2.28.245':9988
'87.##2.88.109':139
'87.##2.76.148':139
'87.##2.239.199':139
'87.##2.48.128':139
'87.##2.22.198':9988
'87.##2.81.119':139
'87.##2.79.171':139
'87.##2.242.67':9988
'87.##2.121.172':9988
'87.##2.135.245':9988
'87.##2.2.173':9988
'87.##2.130.122':9988
'87.##2.205.197':9988
'87.##2.214.29':9988
'87.##2.153.77':9988
'87.##2.30.233':9988
'87.##2.223.226':9988
'87.##2.30.64':9988
'87.##2.25.156':9988
'87.##2.51.35':9988
'87.##2.235.64':9988
'87.##2.230.58':9988
'87.##2.21.244':9988
'87.##2.135.119':139
'87.##2.120.111':139
'87.##2.35.71':139
'87.##2.57.73':139
'87.##2.196.215':139
'87.##2.28.150':139
'87.##2.172.105':139
'87.##2.31.188':139
'87.##2.91.253':139
'87.##2.39.59':139
'87.##2.145.124':139
'87.##2.101.215':139
'87.##2.165.167':139
'87.##2.253.147':139
'87.##2.123.211':139
'87.##2.249.105':139
'87.##2.40.23':139
'87.##2.23.137':139
'87.##2.171.39':139
'87.##2.236.202':139
'87.##2.223.130':139
'87.##2.19.223':139
'87.##2.41.25':139
'87.##2.189.32':139
'87.##2.233.25':139
'87.##2.52.233':139
'87.##2.27.53':139
'87.##2.175.110':139
'87.##2.40.104':139
'87.##2.66.154':139
'87.##2.25.98':139

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней