Техническая информация
Для обеспечения автозапуска и распространения:
Создает или изменяет следующие файлы:
- %WINDIR%\Tasks\SA.DAT
Вредоносные функции:
Запускает на исполнение:
- '<SYSTEM32>\svchost.exe' -k netsvcs
Изменения в файловой системе:
Создает следующие файлы:
- %CommonProgramFiles%\Microsoft Shared\Stationery\njbsvtll.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\ehbebsrn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bnbtzwxt.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\nsqjttkv.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\jjjthqtn.exe
- %PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\ketssrzn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\brvrjrke.exe
- %CommonProgramFiles%\System\ado\tsektjkj.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\tlcwjrwt.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\elwtjnbj.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\bzqlkhrh.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
- %CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
Сетевая активность:
Подключается к:
- '80.##.180.124':139
- '80.##.147.253':445
- '80.##.47.249':445
- '80.##.190.38':445
- '80.##.56.119':445
- '80.##.210.244':445
- '80.##.168.86':139
- '80.##.167.162':139
- '80.##.250.193':139
- '80.##.38.244':445
- '80.##.125.39':445
- '80.##.180.124':445
- '80.##.155.104':445
- '80.##.174.45':445
- '80.##.85.189':445
- '80.##.189.72':445
- '80.#0.78.94':445
- '80.##.173.51':445
- '80.##.137.210':445
- '80.##.123.202':445
- '80.##.214.153':445
- '80.##.125.39':139
- '80.##.54.156':445
- '80.#0.99.67':445
- '80.##.43.105':445
- '80.##.107.93':139
- '80.##.150.226':139
- '80.##.44.203':139
- '80.##.20.174':139
- '80.##.162.214':139
- '80.##.24.232':139
- '80.##.73.125':139
- '80.##.176.158':139
- '80.##.104.249':139
- '80.##.151.228':139
- '80.##.33.121':139
- '80.##.119.33':139
- '80.#0.73.2':139
- '80.##.112.94':445
- '80.##.161.197':445
- '80.#0.24.34':139
- '80.#0.96.77':139
- '80.##.218.96':139
- '80.##.43.219':139
- '80.##.171.140':139
- '80.##.63.149':139
- '80.##.104.59':139
- '80.##.203.137':139
- '80.##.247.151':139
- '80.##.77.140':139
- '80.##.47.249':139
- '80.##.56.119':139
- '80.##.38.244':139
- '80.##.190.38':139
- '80.##.155.104':139
- '80.##.210.244':139
- '80.##.110.182':445
- '80.#0.27.31':445
- '80.##.96.109':445
- '80.##.119.100':445
- '80.#0.102.6':445
- '80.#0.81.79':445
- '80.##.147.253':139
- '80.#0.54.82':139
- '80.##.138.33':139
- '80.##.137.210':139
- '80.##.135.244':139
- '80.##.173.51':139
- '80.##.66.178':139
- '80.##.189.72':139
- '80.##.214.153':139
- '80.##.43.105':139
- '80.##.174.45':139
- '80.##.54.156':139
- '80.##.85.189':139
- '80.##.164.195':445
- '80.##.183.106':445
- '80.#0.54.82':445
- '80.##.118.127':445
- '80.#0.89.62':445
- '80.##.139.33':445
- '80.##.34.105':445
- '80.##.66.178':445
- '80.##.135.244':445
- '80.##.34.119':445
- '80.##.37.254':445
- '80.##.138.33':445
- '80.##.214.56':445
- '80.##.213.108':445
- '80.##.135.76':445
- '80.##.64.100':445
- '80.##.200.189':445
- '80.##.99.212':445
- '80.#0.3.61':445
- '80.##.211.137':445
- '80.##.142.200':445
- '80.#0.6.161':445
- '80.##.251.229':445
- '80.##.133.133':445
- '80.##.215.123':445
- '80.##.112.180':445
- '80.#0.33.78':445
- '80.##.213.95':445
- '80.##.133.93':445
- '80.##.55.162':445
- '80.##.167.142':445
- '80.##.147.55':139
- '80.##.178.204':139
- '80.##.147.55':445
- '80.##.154.76':445
- '80.##.169.154':445
- '80.#0.3.247':445
- '80.##.192.112':445
- '80.##.87.197':445
- '80.##.72.215':445
- '80.##.103.229':445
- '80.##.36.195':445
- '80.#0.34.36':445
- '80.##.36.224':445
- '80.##.189.57':445
- '80.##.40.233':445
- '80.##.26.126':445
- '80.#0.91.21':445
- '80.##.201.55':445
- '80.##.155.149':445
- '80.##.85.101':139
- '80.##.123.77':139
- '80.##.49.215':445
- '80.#0.54.70':139
- '80.##.191.20':139
- '80.##.191.20':445
- '80.##.83.155':139
- '80.##.71.223':139
- '80.##.78.161':139
- '80.##.17.222':139
- '80.##.210.138':139
- '80.##.186.209':139
- '80.##.52.238':139
- '80.##.82.150':139
- '80.#0.90.92':139
- '80.##.133.209':139
- '80.##.178.204':445
- '80.##.87.178':139
- '80.#0.16.87':139
- '80.#0.46.44':139
- '80.##.143.127':139
- '80.##.96.151':139
- '80.##.189.133':139
- '80.##.137.189':139
- '80.##.247.133':139
- '80.##.167.142':139
- '80.##.112.180':139
- '80.#0.33.78':139
- '80.##.192.112':139
- '80.##.133.93':139
- '80.##.55.162':139
- '80.#0.3.247':139
- '80.##.168.86':445
- '80.##.167.162':445
- '80.##.213.95':139
- '80.##.154.76':139
- '80.##.169.154':139
- '80.##.26.126':139
- '80.##.36.224':139
- '80.##.87.197':139
- '80.##.72.215':139
- '80.#0.35.62':139
- '80.##.36.195':139
- '80.#0.34.36':139
- '80.##.155.149':139
- '80.##.189.57':139
- '80.##.40.233':139
- '80.##.103.229':139
- '80.#0.91.21':139
- '80.##.201.55':139
- '80.##.150.226':445
- '80.##.44.203':445
- '80.##.151.228':445
- '80.##.162.214':445
- '80.##.24.232':445
- '80.##.107.93':445
- '80.##.176.158':445
- '80.##.104.249':445
- '80.#0.35.62':445
- '80.##.33.121':445
- '80.##.119.33':445
- '80.##.73.125':445
- '80.##.20.174':445
- '80.##.43.219':445
- '80.#0.24.34':445
- '80.##.203.137':445
- '80.##.250.193':445
- '80.#0.96.77':445
- '80.##.218.96':445
- '80.##.63.149':445
- '80.##.104.59':445
- '80.#0.73.2':445
- '80.##.247.151':445
- '80.##.77.140':445
- '80.##.171.140':445
- '80.##.123.202':139
- '80.##.207.226':445
- '80.##.244.84':445
- '80.##.225.176':445
- '80.#0.26.34':445
- '80.#0.39.17':445
- '80.#0.27.63':445
- '80.##.137.119':445
- '80.##.111.124':445
- '80.#0.1.48':445
- '80.##.213.24':445
- '80.##.123.69':445
- '80.#0.20.81':445
- '80.##.166.15':445
- '80.##.67.203':445
- '80.##.125.253':445
- '80.#0.13.49':445
- '80.#0.80.13':139
- '80.##.90.146':445
- '80.##.114.177':445
- '80.##.17.246':445
- '80.##.226.186':445
- '80.##.27.173':445
- '80.##.118.186':445
- '80.#0.11.95':445
- '80.##.229.46':445
- '80.##.29.129':445
- '80.##.19.117':445
- '80.##.88.246':445
- '80.##.103.48':445
- '80.##.25.110':445
- '80.##.105.129':445
- '80.##.25.150':445
- '80.##.12.218':445
- '80.#0.0.21':445
- '80.#0.0.179':445
- '80.##.224.25':445
- '80.##.34.198':445
- '80.##.84.152':445
- '80.##.66.212':445
- '80.#0.8.164':445
- '80.##.216.176':445
- '80.##.247.142':445
- '80.##.130.29':445
- '80.#0.31.80':445
- '80.##.14.174':445
- '80.##.221.42':445
- '80.##.237.106':445
- '80.#0.1.7':445
- '80.#0.4.133':445
- '80.##.42.237':445
- '80.##.213.24':139
- '80.##.225.176':139
- '80.##.244.84':139
- '80.##.166.15':139
- '80.#0.27.63':139
- '80.##.207.226':139
- '80.##.111.124':139
- '80.##.123.69':139
- '80.##.66.212':139
- '80.#0.1.48':139
- '80.##.137.119':139
- '80.#0.20.81':139
- '80.##.27.173':139
- '80.#0.13.49':139
- '80.##.17.246':139
- '80.##.229.46':139
- '80.##.90.146':139
- '80.##.114.177':139
- '80.##.67.203':139
- '80.##.226.186':139
- '80.#0.26.34':139
- '80.#0.39.17':139
- '80.##.125.253':139
- '80.##.118.186':139
- '80.#0.11.95':139
- '80.##.105.129':139
- '80.##.19.117':139
- '80.##.34.198':139
- '80.##.88.246':139
- '80.##.103.48':139
- '80.##.25.110':139
- '80.##.12.218':139
- '80.#0.0.21':139
- '80.##.56.107':139
- '80.##.224.25':139
- '80.##.25.150':139
- '80.#0.0.179':139
- '80.##.29.129':139
- '80.#0.8.164':139
- '80.#0.1.7':139
- '80.##.216.176':139
- '80.#0.31.80':139
- '80.##.130.29':139
- '80.##.247.142':139
- '80.##.84.152':139
- '80.##.221.42':139
- '80.##.42.237':139
- '80.#0.4.133':139
- '80.##.237.106':139
- '80.##.14.174':139
- '80.#0.1.80':445
- '80.#0.1.68':445
- '80.#0.79.95':139
- '80.##.95.131':139
- '80.##.231.26':445
- '80.##.142.30':445
- '80.##.95.131':445
- '80.##.213.108':139
- '80.##.99.212':139
- '80.#0.81.79':139
- '80.#0.79.95':445
- '80.##.119.100':139
- '80.#0.63.28':445
- '80.##.102.189':445
- '80.##.176.194':445
- '80.#0.42.20':445
- '80.##.188.42':445
- '80.##.104.180':445
- '80.##.145.77':445
- '80.##.217.47':445
- '80.#0.83.70':445
- '80.#0.7.93':445
- '80.##.124.84':445
- '80.##.132.187':445
- '80.##.115.124':445
- '80.##.34.119':139
- '80.##.34.105':139
- '80.##.135.76':139
- '80.##.164.195':139
- '80.##.37.254':139
- '80.##.183.106':139
- '80.#0.89.62':139
- '80.##.133.133':139
- '80.#0.99.67':139
- '80.#0.6.161':139
- '80.#0.78.94':139
- '80.##.118.127':139
- '80.##.139.33':139
- '80.#0.102.6':139
- '80.##.110.182':139
- '80.##.214.56':139
- '80.#0.27.31':139
- '80.##.96.109':139
- '80.##.200.189':139
- '80.##.251.229':139
- '80.##.215.123':139
- '80.##.211.137':139
- '80.#0.3.61':139
- '80.##.142.200':139
- '80.##.64.100':139
- '80.##.130.129':139
- '80.##.158.60':139
- '80.##.255.61':139
- '80.##.16.116':139
- '80.##.188.189':139
- '80.##.25.157':139
- '80.##.148.100':139
- '80.#0.42.20':139
- '80.##.176.194':139
- '80.#0.45.71':139
- '80.##.145.77':139
- '80.##.115.124':139
- '80.##.247.142':9988
- '80.##.123.69':9988
- '80.##.67.203':9988
- '80.#0.13.49':9988
- '80.##.56.107':445
- '80.#0.80.13':445
- '80.##.90.146':9988
- '80.##.84.152':9988
- '80.#0.4.133':9988
- '80.##.19.117':9988
- '80.##.14.174':9988
- '80.##.207.226':9988
- '80.##.118.186':9988
- '80.##.16.116':445
- '80.##.25.157':445
- '80.##.130.129':445
- '80.##.142.30':139
- '80.#0.7.93':139
- '80.##.188.189':445
- '80.#0.45.71':445
- '80.##.148.100':445
- '80.##.101.13':445
- '80.##.158.60':445
- '80.##.255.61':445
- '80.##.21.125':445
- '80.#0.1.80':139
- '80.##.21.125':139
- '80.##.102.189':139
- '80.##.188.42':139
- '80.##.101.13':139
- '80.##.104.180':139
- '80.##.124.84':139
- '80.##.231.26':139
- '80.#0.63.28':139
- '80.#0.1.68':139
- '80.##.132.187':139
- '80.##.217.47':139
- '80.#0.83.70':139
