Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\ACDSee.png\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.ppm\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.psd\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pgm\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pic\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pict\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.psp\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.tiff\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.wmf\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.xif\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.rle\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.tga\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.tif\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.emf\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.gif\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.jfif\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.bmp\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.dcx\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.dib\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.jif\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pbm\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pct\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.pcx\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.jpe\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.jpeg\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
- [<HKLM>\SOFTWARE\Classes\ACDSee.jpg\shell\Open\command] '' = '"%APPDATA%\ACDSee5\ACDSee5.exe" "%1"'
Вредоносные функции:
Создает и запускает на исполнение:
- '%APPDATA%\ACDSee5\IDBSvr.exe' -Embedding
- '%APPDATA%\ACDSee5\ACDSee5.exe'
Запускает на исполнение:
- '<SYSTEM32>\rundll32.exe' advpack.dll LaunchINFSection %APPDATA%\ACDSee5\reg.inf,DefaultInstall,1,N
- '%WINDIR%\regedit.exe' /s %TEMP%\unreg
Изменения в файловой системе:
Создает следующие файлы:
- %APPDATA%\ACDSee5\HHActiveX.dll
- %APPDATA%\ACDSee5\IDBSvrps.dll
- %APPDATA%\ACDSee5\ipwssl5.dll
- %APPDATA%\ACDSee5\EITCC_ZoomBlur.dll
- %APPDATA%\ACDSee5\ExtDB.dll
- %APPDATA%\ACDSee5\FilterDlgUI.dll
- %APPDATA%\ACDSee5\ShellIntMgr.dll
- %APPDATA%\ACDSee5\SoundLib.dll
- %APPDATA%\ACDSee5\TransportIrCOMM.dll
- %APPDATA%\ACDSee5\msvcp60.dll
- %APPDATA%\ACDSee5\Roboex32.dll
- %APPDATA%\ACDSee5\ScreenCapture.dll
- %APPDATA%\ACDSee5\EITCC_Wind.dll
- %APPDATA%\ACDSee5\EITCC_SheetMetal.dll
- %APPDATA%\ACDSee5\EITCC_Shift.dll
- %APPDATA%\ACDSee5\EITCC_Solarize.dll
- %APPDATA%\ACDSee5\EITCC_RadialBlur.dll
- %APPDATA%\ACDSee5\EITCC_Ripple.dll
- %APPDATA%\ACDSee5\EITCC_ScatteredTiles.dll
- %APPDATA%\ACDSee5\EITCC_TopographicMap.dll
- %APPDATA%\ACDSee5\EITCC_UnsharpMask.dll
- %APPDATA%\ACDSee5\EITCC_UserDefinedConvolution.dll
- %APPDATA%\ACDSee5\EITCC_Spread.dll
- %APPDATA%\ACDSee5\EITCC_Sunspot.dll
- %APPDATA%\ACDSee5\EITCC_Swirl.dll
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATPATH.DB2
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATPATH.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATFILE.DB3
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\TIMELINE.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATID.DB1
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATID.CDX
- %TEMP%\AVC2793D.AVI
- %TEMP%\acd2.tmp
- %APPDATA%\ACDSee5\pz
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\CATFILE.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\LOCKDATA.DBL
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\LOCKDATA.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\TIMELINE.DBT
- %TEMP%\unreg
- %APPDATA%\ACD Systems\ImageDB\ImageDB.ddf
- %APPDATA%\ACD Systems\ImageDB\ImageDB.dtf
- %APPDATA%\ACDSee5\TransportIrDA.dll
- %APPDATA%\ACDSee5\TransportSerial.dll
- %APPDATA%\ACDSee5\TransportUSB.dll
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\PATHID.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\FILEID.DBD
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\FILEID.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\IDUNIQUE.DBU
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\IDUNIQUE.CDX
- %APPDATA%\ACD Systems\ImageDB\ExtendedDB\PATHID.DBP
- %APPDATA%\ACDSee5\EITCC_Posterize.dll
- %APPDATA%\ACDSee5\ID_ICO.apl
- %APPDATA%\ACDSee5\ID_PIC.apl
- %APPDATA%\ACDSee5\ID_Pict.apl
- %APPDATA%\ACDSee5\IDE_Adobe.apl
- %APPDATA%\ACDSee5\IDE_PSD.apl
- %APPDATA%\ACDSee5\ID_ICN.apl
- %APPDATA%\ACDSee5\reg.inf
- %APPDATA%\ACDSee5\ACDSee.sip
- %APPDATA%\ACDSee5\Tips.tip
- %APPDATA%\ACDSee5\ID_PNM.apl
- %APPDATA%\ACDSee5\ID_PS.apl
- %APPDATA%\ACDSee5\ID_PSP.apl
- %APPDATA%\ACDSee5\IDE_ACDStd.apl
- %APPDATA%\ACDSee5\unreg.reg
- %APPDATA%\ACDSee5\AX_RAR.apl
- %APPDATA%\ACDSee5\CX_Archive.apl
- %TEMP%\Acdsee.tmp
- %APPDATA%\ACDSee5\ico.bmp
- %APPDATA%\ACDSee5\ico.ico
- %APPDATA%\ACDSee5\DC_Digita.apl
- %APPDATA%\ACDSee5\DC_SII.apl
- %APPDATA%\ACDSee5\DC_WIA.apl
- %APPDATA%\ACDSee5\CX_ContactSheet.apl
- %APPDATA%\ACDSee5\CX_DFinder.apl
- %APPDATA%\ACDSee5\CX_HTML.apl
- %APPDATA%\ACDSee5\EITCC_ColoredEdges.dll
- %APPDATA%\ACDSee5\EITCC_Contours.dll
- %APPDATA%\ACDSee5\EITCC_Dauber.dll
- %APPDATA%\ACDSee5\EITCC_BathroomWindow.dll
- %APPDATA%\ACDSee5\EITCC_Blinds.dll
- %APPDATA%\ACDSee5\EITCC_Bulge.dll
- %APPDATA%\ACDSee5\EITCC_Mirror.dll
- %APPDATA%\ACDSee5\EITCC_Pixelate.dll
- %APPDATA%\ACDSee5\EITCC_PixelExplosion.dll
- %APPDATA%\ACDSee5\EITCC_FurryEdges.dll
- %APPDATA%\ACDSee5\EITCC_LinearBlur.dll
- %APPDATA%\ACDSee5\EITCC_MedianNoiseRemoval.dll
- %APPDATA%\ACDSee5\EITCC_AddNoise.dll
- %APPDATA%\ACDSee5\IDBSvr.exe
- %APPDATA%\ACDSee5\ACDAppInfo.dll
- %APPDATA%\ACDSee5\ACDCLClient.dll
- %APPDATA%\ACDSee5\ACDSee5.exe
- %APPDATA%\ACDSee5\DigitaCap.exe
- %APPDATA%\ACDSee5\FotoCanvas2.exe
- %APPDATA%\ACDSee5\ACDInTouch.dll
- %APPDATA%\ACDSee5\digitacam.dll
- %APPDATA%\ACDSee5\EITCCBase.dll
- %APPDATA%\ACDSee5\acdcp.dll
- %APPDATA%\ACDSee5\ACDFullLicense.dll
- %APPDATA%\ACDSee5\ACDInfo.dll
Удаляет следующие файлы:
- %TEMP%\acd2.tmp
- %TEMP%\AVC2793D.AVI
Сетевая активность:
Подключается к:
- 'up.##dsee5.com':80
- '12#.#25.114.144':80
TCP:
Запросы HTTP GET:
- up.##dsee5.com/acdsee
- 12#.#25.114.144/
UDP:
- DNS ASK up.##dsee5.com
- DNS ASK www.ba##u.com
Другое:
Ищет следующие окна:
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'RegEdit_RegEdit' WindowName: ''
