Trojan.DownLoader9.54251

Добавлен в вирусную базу Dr.Web: 2013-07-25

Описание добавлено: 2014-10-04

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'tyctumqafcyv' = '%HOMEPATH%\tyctumqafcyv.exe'

Изменения в файловой системе:

Создает следующие файлы:

%APPDATA%\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2832440558-3064306045-1455513625-1000\7ee83745df35bad5ccfc8cd8875de253_97c09787-6498-4b10-8f65-9471d842c55e
%HOMEPATH%\tyctumqafcyv.exe

Сетевая активность:

Подключается к:

'gr###train.coop':80
'ge###r.gen.tr':80
'ar####esajandek.hu':80
'sz##tka.com':80
're####efield.co.uk':80
'ss#####ginggroup.com':80
'eo##.net':80
'bi#####sbeefjerky.com':80
'ka###hal.com':80
'th###tospas.com':80
'un#####arthgroup.com':80
'ph###type.com':80
'or####networks.net':80
'hi##ken.com':80
'yo###omla.com':80
'vi###ria.com.pl':80
'xu###iao.com':80
'ha####ltimedia.com':80
'sl##go.org':80
'sc####inpeach.com':80
'c2##du.com':80
'ra######ckwarehouse.com.au':80
's2#.fr':80
'ac###nvestor.ca':80
'co##tney.ca':80
'si####etalsinc.com':80
'pl#s.ba':80
'ad####ivechat.us':80
'ms##ys.com':80
'fu###o-lab.com':80
'ma#####siecologia.com':80
'ul##dsu.org':80
'www.tr###rush.com':80
'et###les.com':80
'br###ndia.com':80
'gj#.com.pl':80
'au##ma.it':80
'sz###tufi.com':80
'to#####rthcare.com.au':80
'be#####aelcenter.org':80
'x-#####ommunications.de':80
'br####nternet.nl':80
'su###france.com':80
'ko###hi-hp.com':80
'ea####rmations.net':80
'im###.com.pl':80
'ix###ctor.com':80
'le####shipforum.us':80
'ws#####rontheweb.com':80
'mo#####-vacaciones.com':80
'be#####rebusiness.org':80
'ma####ntralaya.com':80
'me#####-jacquelin.com':80
'ch####-select.com':80
'av##ay.com':80
'ch####clothes.com':80
'th####ofhair.com':80
'je###atz.com':80
'co###ne.or.id':80
'e-###ukyaku.com':80
'do##sf.com':80
'sc##edel.it':80
'el###rno.com':80
'mi####io-teatras.lt':80
'sm##.live.com':25
'67.##5.160.76':25
'bo#r.cz':80
'hi###nwiese.de':80
'ag##rno.ru':80
'ze###et.co.jp':80
'sh###yspizza.ph':80
'pa###enna.com':80
'e-###ami.com':80
'no###uroya.com':80
'ma###egor.co.kr':80
'ma####grimes.co.uk':80
'te###ra.co.jp':80
'ta##i.com':80
'el##ys.com':80
'we####llsstl.org':80
'ru###eberg.com':80
'gr###web.net':80
'sh###ales.co.uk':80
'd4###edia.com':80
'st###edia.ca':80
'th######inghouseltd.co.uk':80
'ni####ictionary.com':80
'ck###obal.net':80
'en####odrigo.com.br':80
'co####permarkt.nl':80
'se##door.pl':80
'li####ist-uk.com':80
'sh###zil.com':80
'so#####rganizing.com':80
'bi#####ultimedia.com':80
'ac#####oambiente.com':80
'fl####adoubled.com':80

TCP:

Запросы HTTP POST:

ge###r.gen.tr/
ar####esajandek.hu/
gr###train.coop/
re####efield.co.uk/
ss#####ginggroup.com/
th###tospas.com/
bi#####sbeefjerky.com/
ka###hal.com/
eo##.net/
un#####arthgroup.com/
ph###type.com/
sz##tka.com/
hi##ken.com/
yo###omla.com/
or####networks.net/
xu###iao.com/
ha####ltimedia.com/
ra######ckwarehouse.com.au/
sc####inpeach.com/
c2##du.com/
sl##go.org/
s2#.fr/
ac###nvestor.ca/
be#####aelcenter.org/
si####etalsinc.com/
pl#s.ba/
co##tney.ca/
ms##ys.com/
fu###o-lab.com/
et###les.com/
ul##dsu.org/
www.tr###rush.com/
ma#####siecologia.com/
br###ndia.com/
gj#.com.pl/
ad####ivechat.us/
sz###tufi.com/
to#####rthcare.com.au/
au##ma.it/
x-#####ommunications.de/
br####nternet.nl/
im###.com.pl/
ko###hi-hp.com/
ea####rmations.net/
su###france.com/
ix###ctor.com/
le####shipforum.us/
vi###ria.com.pl/
ma####ntralaya.com/
co###ne.or.id/
be#####rebusiness.org/
av##ay.com/
mo#####-vacaciones.com/
e-###ukyaku.com/
je###atz.com/
en####odrigo.com.br/
th####ofhair.com/
do##sf.com/
ch####clothes.com/
ch####-select.com/
sh###yspizza.ph/
pa###enna.com/
el###rno.com/
bo#r.cz/
sc##edel.it/
mi####io-teatras.lt/
ze###et.co.jp/
me#####-jacquelin.com/
ag##rno.ru/
e-###ami.com/
hi###nwiese.de/
co####permarkt.nl/
ma####grimes.co.uk/
sh###ales.co.uk/
ma###egor.co.kr/
el##ys.com/
no###uroya.com/
d4###edia.com/
gr###web.net/
ws#####rontheweb.com/
ru###eberg.com/
st###edia.ca/
we####llsstl.org/
ta##i.com/
ck###obal.net/
bi#####ultimedia.com/
ni####ictionary.com/
se##door.pl/
th######inghouseltd.co.uk/
ac#####oambiente.com/
so#####rganizing.com/
te###ra.co.jp/
sh###zil.com/
fl####adoubled.com/
li####ist-uk.com/

UDP:

DNS ASK to#####rthcare.com.au
DNS ASK im###.com.pl
DNS ASK ix###ctor.com
DNS ASK sz###tufi.com
DNS ASK x-#####ommunications.de
DNS ASK br####nternet.nl
DNS ASK au##ma.it
DNS ASK ad####ivechat.us
DNS ASK ms##ys.com
DNS ASK fu###o-lab.com
DNS ASK ea####rmations.net
DNS ASK le####shipforum.us
DNS ASK su###france.com
DNS ASK ko###hi-hp.com
DNS ASK be#####aelcenter.org
DNS ASK ss#####ginggroup.com
DNS ASK gr###train.coop
DNS ASK ge###r.gen.tr
DNS ASK re####efield.co.uk
DNS ASK sc####inpeach.com
DNS ASK c2##du.com
DNS ASK sz##tka.com
DNS ASK eo##.net
DNS ASK bi#####sbeefjerky.com
DNS ASK ka###hal.com
DNS ASK ph###type.com
DNS ASK ar####esajandek.hu
DNS ASK th###tospas.com
DNS ASK un#####arthgroup.com
DNS ASK co##tney.ca
DNS ASK ho###hd.com.br
DNS ASK br####arm.com.au
DNS ASK ey###oup.com
DNS ASK nd####nementiel.com
DNS ASK tr###alau.com
DNS ASK wi#####emarketing.com
DNS ASK zi####rbatului.ro
DNS ASK fi###ara.com
DNS ASK to##x.ro
DNS ASK fa###nonline.de
DNS ASK ka##it.com
DNS ASK ar###2aa.org
DNS ASK pb##.com
DNS ASK lo###tic.com
DNS ASK ga###marine.com
DNS ASK gj#.com.pl
DNS ASK ma#####siecologia.com
DNS ASK ul##dsu.org
DNS ASK br###ndia.com
DNS ASK si####etalsinc.com
DNS ASK pl#s.ba
DNS ASK et###les.com
DNS ASK pa###ball.be
DNS ASK tr####y-works.com
DNS ASK no##-k.com
DNS ASK fr#####ckallergy.com
DNS ASK www.tr###rush.com
DNS ASK ry###chi-jp.com
DNS ASK ch####ybarry.com
DNS ASK sl##go.org
DNS ASK co###ne.or.id
DNS ASK e-###ukyaku.com
DNS ASK do##sf.com
DNS ASK ma####ntralaya.com
DNS ASK av##ay.com
DNS ASK mo#####-vacaciones.com
DNS ASK be#####rebusiness.org
DNS ASK co####permarkt.nl
DNS ASK se##door.pl
DNS ASK th######inghouseltd.co.uk
DNS ASK en####odrigo.com.br
DNS ASK ch####clothes.com
DNS ASK th####ofhair.com
DNS ASK je###atz.com
DNS ASK ch####-select.com
DNS ASK sc##edel.it
DNS ASK mi####io-teatras.lt
DNS ASK el###rno.com
DNS ASK bo#r.cz
DNS ASK sm##.live.com
DNS ASK sm##.#ail.yahoo.com
DNS ASK dn#.##ftncsi.com
DNS ASK ag##rno.ru
DNS ASK ze###et.co.jp
DNS ASK me#####-jacquelin.com
DNS ASK hi###nwiese.de
DNS ASK sh###yspizza.ph
DNS ASK pa###enna.com
DNS ASK e-###ami.com
DNS ASK ni####ictionary.com
DNS ASK ws#####rontheweb.com
DNS ASK vi###ria.com.pl
DNS ASK xu###iao.com
DNS ASK gr###web.net
DNS ASK st###edia.ca
DNS ASK we####llsstl.org
DNS ASK ru###eberg.com
DNS ASK ra######ckwarehouse.com.au
DNS ASK s2#.fr
DNS ASK ac###nvestor.ca
DNS ASK yo###omla.com
DNS ASK ha####ltimedia.com
DNS ASK or####networks.net
DNS ASK hi##ken.com
DNS ASK d4###edia.com
DNS ASK li####ist-uk.com
DNS ASK sh###zil.com
DNS ASK so#####rganizing.com
DNS ASK fl####adoubled.com
DNS ASK ck###obal.net
DNS ASK bi#####ultimedia.com
DNS ASK ac#####oambiente.com
DNS ASK ma###egor.co.kr
DNS ASK ma####grimes.co.uk
DNS ASK sh###ales.co.uk
DNS ASK no###uroya.com
DNS ASK te###ra.co.jp
DNS ASK ta##i.com
DNS ASK el##ys.com

Другое:

Ищет следующие окна:

ClassName: 'Indicator' WindowName: ''

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней