Техническая информация
Для обеспечения автозапуска и распространения:
Модифицирует следующие ключи реестра:
- [<HKLM>\SOFTWARE\Classes\Hacha\shell\open\command] '' = '%PROGRAM_FILES%\Company\NewProduct\hacha.exe %1'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'start' = 'k.vbs /startup'
Вредоносные функции:
Создает и запускает на исполнение:
- '%PROGRAM_FILES%\Company\NewProduct\hacha.exe'
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\Company\NewProduct\Msvbvm50.dll
- %PROGRAM_FILES%\Company\NewProduct\readme.txt
- %PROGRAM_FILES%\Company\NewProduct\icon.ico
- %WINDIR%\k.vbs
- %PROGRAM_FILES%\Company\NewProduct\Thumbs.db
- %PROGRAM_FILES%\Company\NewProduct\Uninstall.ini
- %PROGRAM_FILES%\Company\NewProduct\Uninstall.exe
- %HOMEPATH%\Desktop\joiner.lnk
- %PROGRAM_FILES%\Company\NewProduct\AX.CHM
- %PROGRAM_FILES%\Company\NewProduct\axt.chm
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %PROGRAM_FILES%\Company\NewProduct\catalan.chm
- %PROGRAM_FILES%\Company\NewProduct\hacha.exe
- %PROGRAM_FILES%\Company\NewProduct\Hache.chm
- %PROGRAM_FILES%\Company\NewProduct\dmfull (1).jpg
- %PROGRAM_FILES%\Company\NewProduct\HACHA.CHM
Присваивает атрибут 'скрытый' для следующих файлов:
- %PROGRAM_FILES%\Company\NewProduct\Thumbs.db
Удаляет следующие файлы:
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
Другое:
Ищет следующие окна:
- ClassName: 'NMSCMW66' WindowName: ''
- ClassName: 'NMSCMW67' WindowName: ''
- ClassName: 'NMSCMW68' WindowName: ''
- ClassName: 'NMSCMW63' WindowName: ''
- ClassName: 'NMSCMW64' WindowName: ''
- ClassName: 'NMSCMW65' WindowName: ''
- ClassName: 'NMSCMW72' WindowName: ''
- ClassName: 'NMSCMW73' WindowName: ''
- ClassName: 'NMSCMW74' WindowName: ''
- ClassName: 'NMSCMW69' WindowName: ''
- ClassName: 'NMSCMW70' WindowName: ''
- ClassName: 'NMSCMW71' WindowName: ''
- ClassName: 'NMSCMW62' WindowName: ''
- ClassName: 'NMSCMW53' WindowName: ''
- ClassName: 'NMSCMW54' WindowName: ''
- ClassName: 'NMSCMW55' WindowName: ''
- ClassName: 'NMSCMW50' WindowName: ''
- ClassName: 'NMSCMW51' WindowName: ''
- ClassName: 'NMSCMW52' WindowName: ''
- ClassName: 'NMSCMW59' WindowName: ''
- ClassName: 'NMSCMW60' WindowName: ''
- ClassName: 'NMSCMW61' WindowName: ''
- ClassName: 'NMSCMW56' WindowName: ''
- ClassName: 'NMSCMW57' WindowName: ''
- ClassName: 'NMSCMW58' WindowName: ''
- ClassName: 'NMSCMW91' WindowName: ''
- ClassName: 'NMSCMW92' WindowName: ''
- ClassName: 'NMSCMW93' WindowName: ''
- ClassName: 'NMSCMW88' WindowName: ''
- ClassName: 'NMSCMW89' WindowName: ''
- ClassName: 'NMSCMW90' WindowName: ''
- ClassName: 'NMSCMW97' WindowName: ''
- ClassName: 'NMSCMW98' WindowName: ''
- ClassName: 'NMSCMW99' WindowName: ''
- ClassName: 'NMSCMW94' WindowName: ''
- ClassName: 'NMSCMW95' WindowName: ''
- ClassName: 'NMSCMW96' WindowName: ''
- ClassName: 'NMSCMW87' WindowName: ''
- ClassName: 'NMSCMW78' WindowName: ''
- ClassName: 'NMSCMW79' WindowName: ''
- ClassName: 'NMSCMW80' WindowName: ''
- ClassName: 'NMSCMW75' WindowName: ''
- ClassName: 'NMSCMW76' WindowName: ''
- ClassName: 'NMSCMW77' WindowName: ''
- ClassName: 'NMSCMW84' WindowName: ''
- ClassName: 'NMSCMW85' WindowName: ''
- ClassName: 'NMSCMW86' WindowName: ''
- ClassName: 'NMSCMW81' WindowName: ''
- ClassName: 'NMSCMW82' WindowName: ''
- ClassName: 'NMSCMW83' WindowName: ''
- ClassName: 'NMSCMW49' WindowName: ''
- ClassName: 'NMSCMW15' WindowName: ''
- ClassName: 'NMSCMW16' WindowName: ''
- ClassName: 'NMSCMW17' WindowName: ''
- ClassName: 'NMSCMW12' WindowName: ''
- ClassName: 'NMSCMW13' WindowName: ''
- ClassName: 'NMSCMW14' WindowName: ''
- ClassName: 'NMSCMW21' WindowName: ''
- ClassName: 'NMSCMW22' WindowName: ''
- ClassName: 'NMSCMW23' WindowName: ''
- ClassName: 'NMSCMW18' WindowName: ''
- ClassName: 'NMSCMW19' WindowName: ''
- ClassName: 'NMSCMW20' WindowName: ''
- ClassName: 'NMSCMW11' WindowName: ''
- ClassName: 'NMSCMW02' WindowName: ''
- ClassName: 'NMSCMW03' WindowName: ''
- ClassName: 'NMSCMW04' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'NMSCMW00' WindowName: ''
- ClassName: 'NMSCMW01' WindowName: ''
- ClassName: 'NMSCMW08' WindowName: ''
- ClassName: 'NMSCMW09' WindowName: ''
- ClassName: 'NMSCMW10' WindowName: ''
- ClassName: 'NMSCMW05' WindowName: ''
- ClassName: 'NMSCMW06' WindowName: ''
- ClassName: 'NMSCMW07' WindowName: ''
- ClassName: 'NMSCMW40' WindowName: ''
- ClassName: 'NMSCMW41' WindowName: ''
- ClassName: 'NMSCMW42' WindowName: ''
- ClassName: 'NMSCMW37' WindowName: ''
- ClassName: 'NMSCMW38' WindowName: ''
- ClassName: 'NMSCMW39' WindowName: ''
- ClassName: 'NMSCMW46' WindowName: ''
- ClassName: 'NMSCMW47' WindowName: ''
- ClassName: 'NMSCMW48' WindowName: ''
- ClassName: 'NMSCMW43' WindowName: ''
- ClassName: 'NMSCMW44' WindowName: ''
- ClassName: 'NMSCMW45' WindowName: ''
- ClassName: 'NMSCMW36' WindowName: ''
- ClassName: 'NMSCMW27' WindowName: ''
- ClassName: 'NMSCMW28' WindowName: ''
- ClassName: 'NMSCMW29' WindowName: ''
- ClassName: 'NMSCMW24' WindowName: ''
- ClassName: 'NMSCMW25' WindowName: ''
- ClassName: 'NMSCMW26' WindowName: ''
- ClassName: 'NMSCMW33' WindowName: ''
- ClassName: 'NMSCMW34' WindowName: ''
- ClassName: 'NMSCMW35' WindowName: ''
- ClassName: 'NMSCMW30' WindowName: ''
- ClassName: 'NMSCMW31' WindowName: ''
- ClassName: 'NMSCMW32' WindowName: ''
