Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CryptoLocker' = '%APPDATA%\Roaming\{251D6684-2103-0713-3D1A-143F3922242B}.exe'
Вредоносные функции:
Создает и запускает на исполнение:
- '%APPDATA%\Roaming\{251D6684-2103-0713-3D1A-143F3922242B}.exe' /w000000A0
- '%APPDATA%\Roaming\{251D6684-2103-0713-3D1A-143F3922242B}.exe' "/r<Полный путь к вирусу>"
Изменения в файловой системе:
Создает следующие файлы:
- %APPDATA%\Roaming\{251D6684-2103-0713-3D1A-143F3922242B}.exe
Присваивает атрибут 'скрытый' для следующих файлов:
- %APPDATA%\Roaming\{251D6684-2103-0713-3D1A-143F3922242B}.exe
Самоудаляется.
Сетевая активность:
Подключается к:
- 'we####hbdqno.co.uk':80
- 'vq####rvppxb.org':80
- 'xf####inrtkp.com':80
- 'wr####siesuc.info':80
- 'hd####xfjaeh.net':80
- 'tb####krvjql.com':80
- 'ie###byrxdbi.ru':80
- 'uc####lekmnm.biz':80
- 'tv####aohkrf.info':80
- 'gt####vhkntr.co.uk':80
- 'va####bntfrs.net':80
- 'ix####wgwitf.com':80
- 'yt####xmgwou.biz':80
- 'xg####ihsvyh.net':80
- 'au####yyualv.org':80
- 'yh###ijthyvi.ru':80
- 'go####iguwac.info':80
- 'lq####inxfdsn.net':80
- 'bs####egwmoum.com':80
- 'mr####dowokfn.ru':80
- 'ys####vjhkobn.biz':80
- 'xy####klfxein.org':80
- 'yd####dlpgcxi.ru':80
- 'ad####xmyjrqe.info':80
- 'yo####qfdbbmm.co.uk':80
- 'rl###itgsdpf.ru':80
- 'du####lyakcu.biz':80
- 'sm####ushgmg.co.uk':80
- 'fn####htgtdb.org':80
- 'pa####xifrqxr.co.uk':80
- 'at####qkgtvne.org':80
- 'ch####fwddwy.net':80
- 'bq####dmhfhp.com':80
- 'fc####jplmktok.ru':80
- 'fm####kbbxsqwp.biz':80
- 'io#####fyfvrsm.co.uk':80
- 'gr####fycyjnna.org':80
- 'bk####tbryjyam.info':80
- 'nj#####rhewrsf.co.uk':80
- 'ew####orkltwoq.net':80
- 'oo####npifnoqt.com':80
- 'ek####sqmfijvx.org':80
- 'pg####ibhaplvn.ru':80
- 'gt####ytciymxd.info':80
- 'ro#####lgqbdve.co.uk':80
- 'jt####kdagmoay.com':80
- 'je####loprulbs.info':80
- 'cc####xgnowrfq.biz':80
- 'kj####gmqsliyv.net':80
- 'af####ydqxscsl.org':80
- 'lm####akehrb.com':80
- 'ky####tihamf.info':80
- 'nq####bjqcro.biz':80
- 'md####uhtums.net':80
- 'vl###iqakqsl.ru':80
- 'ij####msntux.biz':80
- 'xp####rywlsy.co.uk':80
- 'kn####nraoul.org':80
- 'jr####reskuwai.net':80
- 'vn####xpceqhav.com':80
- 'kw####mctlltqe.ru':80
- 'ws####sndfheae.biz':80
- 'nc####qvhnsh.org':80
- 'mo###sktkgnl.ru':80
- 'pg####rutisu.info':80
- 'os####lswbny.co.uk':80
- 'xn####wrrdfta.biz':80
- 'xw####adrsdpk.com':80
- 'xl####upfgopl.info':80
- 'ys####xpsrvxw.biz':80
- 'ym####pqepvcj.net':80
- 'tn####wjgdvjy.ru':80
- 'tc####rvtqhjh.biz':80
- 'wv####fcsjvdd.co.uk':80
- 'ud####mwsaovx.org':80
- 'fg####vqbgtdn.net':80
- 'qg####ficidqg.com':80
- 'hl####vfqmwkl.ru':80
- 'sk####apyhtpn.biz':80
- 'bw####swpqmwn.org':80
- 'mw####coqsvkn.ru':80
- 'dc####bjehdep.info':80
- 'ob####wvnrmjn.co.uk':80
- 'sm####cihtowy.net':80
- 'tg####aoxbpbg.org':80
- 'ss####tjtjunh.ru':80
- 'vo####npmpirg.info':80
- 'ub####hkixnex.co.uk':80
- 'rq####igupjdg.com':80
- '18#.#64.136.134':80
- 'ty####vhjectn.biz':80
- 'sl####pcfmhgf.net':80
- 'ch####uthjuda.co.uk':80
- 'od####hxuoqya.org':80
- 'di####pugscpx.com':80
- 'pe####cytxxlh.info':80
- 'xx####ravtnwh.net':80
- 'kt####eejyjsh.com':80
- 'yy####mbudujx.ru':80
- 'lu####yfiiqfh.biz':80
- 'lq####ttevvvk.co.uk':80
- 'kb####egrydjl.org':80
- 'bu####paxxqle.com':80
- 'nq####lbawqyn.info':80
- 'jb####sywpjyg.net':80
- 'il####dlksqmh.com':80
- 'kp####gfielst.ru':80
- 'ja####qrvhsgl.biz':80
- 'fo####evypqqe.info':80
- 'rk####awboqee.co.uk':80
- 'wy####pkvuopb.net':80
- 'vj####jqxrrlc.com':80
- 'dy####dbrjetl.biz':80
- 'pu####yctiehl.net':80
- 'dk####qufedie.org':80
- 'pg####mvhddvn.ru':80
- 'ia####fkbxyvi.info':80
- 'ny####tgybupn.biz':80
- 'mk####fsafbuo.net':80
- 'yr####rsqgbfi.org':80
- 'oo####aawertv.ru':80
- 'jp####qmnlnjc.co.uk':80
- 'ib####cyoptok.org':80
- 'lu####yycceqp.com':80
- 'kf####wgloknk.info':80
- 'ci####gctexfi.ru':80
- 'ol####gjkhrgi.biz':80
- 'hk####pwobgja.co.uk':80
- 'pm####txgycjy.org':80
- 'as####fhmxlip.info':80
- 'mv####fodbfji.co.uk':80
- 'bh####snxmnci.net':80
- 'nw####sdyspmg.com':80
UDP:
- DNS ASK we####hbdqno.co.uk
- DNS ASK vq####rvppxb.org
- DNS ASK xf####inrtkp.com
- DNS ASK wr####siesuc.info
- DNS ASK hd####xfjaeh.net
- DNS ASK tb####krvjql.com
- DNS ASK ie###byrxdbi.ru
- DNS ASK uc####lekmnm.biz
- DNS ASK tv####aohkrf.info
- DNS ASK gt####vhkntr.co.uk
- DNS ASK va####bntfrs.net
- DNS ASK ix####wgwitf.com
- DNS ASK yt####xmgwou.biz
- DNS ASK xg####ihsvyh.net
- DNS ASK au####yyualv.org
- DNS ASK yh###ijthyvi.ru
- DNS ASK go####iguwac.info
- DNS ASK lq####inxfdsn.net
- DNS ASK bs####egwmoum.com
- DNS ASK mr####dowokfn.ru
- DNS ASK ys####vjhkobn.biz
- DNS ASK xy####klfxein.org
- DNS ASK yd####dlpgcxi.ru
- DNS ASK ad####xmyjrqe.info
- DNS ASK yo####qfdbbmm.co.uk
- DNS ASK rl###itgsdpf.ru
- DNS ASK du####lyakcu.biz
- DNS ASK sm####ushgmg.co.uk
- DNS ASK fn####htgtdb.org
- DNS ASK pa####xifrqxr.co.uk
- DNS ASK at####qkgtvne.org
- DNS ASK ch####fwddwy.net
- DNS ASK bq####dmhfhp.com
- DNS ASK fc####jplmktok.ru
- DNS ASK fm####kbbxsqwp.biz
- DNS ASK io#####fyfvrsm.co.uk
- DNS ASK gr####fycyjnna.org
- DNS ASK bk####tbryjyam.info
- DNS ASK nj#####rhewrsf.co.uk
- DNS ASK ew####orkltwoq.net
- DNS ASK oo####npifnoqt.com
- DNS ASK ek####sqmfijvx.org
- DNS ASK pg####ibhaplvn.ru
- DNS ASK gt####ytciymxd.info
- DNS ASK ro#####lgqbdve.co.uk
- DNS ASK jt####kdagmoay.com
- DNS ASK je####loprulbs.info
- DNS ASK cc####xgnowrfq.biz
- DNS ASK kj####gmqsliyv.net
- DNS ASK af####ydqxscsl.org
- DNS ASK lm####akehrb.com
- DNS ASK ky####tihamf.info
- DNS ASK nq####bjqcro.biz
- DNS ASK md####uhtums.net
- DNS ASK vl###iqakqsl.ru
- DNS ASK ij####msntux.biz
- DNS ASK xp####rywlsy.co.uk
- DNS ASK kn####nraoul.org
- DNS ASK jr####reskuwai.net
- DNS ASK vn####xpceqhav.com
- DNS ASK kw####mctlltqe.ru
- DNS ASK ws####sndfheae.biz
- DNS ASK nc####qvhnsh.org
- DNS ASK mo###sktkgnl.ru
- DNS ASK pg####rutisu.info
- DNS ASK os####lswbny.co.uk
- DNS ASK ym####pqepvcj.net
- DNS ASK xw####adrsdpk.com
- DNS ASK mw####coqsvkn.ru
- DNS ASK ys####xpsrvxw.biz
- DNS ASK ud####mwsaovx.org
- DNS ASK tn####wjgdvjy.ru
- DNS ASK xl####upfgopl.info
- DNS ASK wv####fcsjvdd.co.uk
- DNS ASK sk####apyhtpn.biz
- DNS ASK fg####vqbgtdn.net
- DNS ASK ib####cyoptok.org
- DNS ASK hl####vfqmwkl.ru
- DNS ASK ob####wvnrmjn.co.uk
- DNS ASK bw####swpqmwn.org
- DNS ASK qg####ficidqg.com
- DNS ASK dc####bjehdep.info
- DNS ASK tc####rvtqhjh.biz
- DNS ASK ub####hkixnex.co.uk
- DNS ASK tg####aoxbpbg.org
- DNS ASK kt####eejyjsh.com
- DNS ASK vo####npmpirg.info
- DNS ASK sl####pcfmhgf.net
- DNS ASK rq####igupjdg.com
- DNS ASK ss####tjtjunh.ru
- DNS ASK ty####vhjectn.biz
- DNS ASK pe####cytxxlh.info
- DNS ASK ch####uthjuda.co.uk
- DNS ASK sm####cihtowy.net
- DNS ASK di####pugscpx.com
- DNS ASK lu####yfiiqfh.biz
- DNS ASK xx####ravtnwh.net
- DNS ASK od####hxuoqya.org
- DNS ASK yy####mbudujx.ru
- DNS ASK nq####lbawqyn.info
- DNS ASK lq####ttevvvk.co.uk
- DNS ASK pu####yctiehl.net
- DNS ASK bu####paxxqle.com
- DNS ASK ja####qrvhsgl.biz
- DNS ASK jb####sywpjyg.net
- DNS ASK kb####egrydjl.org
- DNS ASK kp####gfielst.ru
- DNS ASK vj####jqxrrlc.com
- DNS ASK fo####evypqqe.info
- DNS ASK xn####wrrdfta.biz
- DNS ASK wy####pkvuopb.net
- DNS ASK pg####mvhddvn.ru
- DNS ASK dy####dbrjetl.biz
- DNS ASK rk####awboqee.co.uk
- DNS ASK dk####qufedie.org
- DNS ASK il####dlksqmh.com
- DNS ASK oo####aawertv.ru
- DNS ASK ny####tgybupn.biz
- DNS ASK mv####fodbfji.co.uk
- DNS ASK yr####rsqgbfi.org
- DNS ASK kf####wgloknk.info
- DNS ASK jp####qmnlnjc.co.uk
- DNS ASK mk####fsafbuo.net
- DNS ASK lu####yycceqp.com
- DNS ASK pm####txgycjy.org
- DNS ASK ci####gctexfi.ru
- DNS ASK ia####fkbxyvi.info
- DNS ASK hk####pwobgja.co.uk
- DNS ASK nw####sdyspmg.com
- DNS ASK as####fhmxlip.info
- DNS ASK ol####gjkhrgi.biz
- DNS ASK bh####snxmnci.net
Другое:
Ищет следующие окна:
- ClassName: 'Indicator' WindowName: '(null)'
