Trojan.MulDrop6.54556

Техническая информация

Для обеспечения автозапуска и распространения:

Модифицирует следующие ключи реестра:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Malwarebytes' Anti-Malware' = '%ProgramFiles%\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent'

Вредоносные функции:

Запускает на исполнение:

'<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll"
'<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
'%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe' /updated /errorsilent
'%ProgramFiles%\Malwarebytes' Anti-Malware\mbamgui.exe' /uninstall
'%TEMP%\7ZipSfx.000\malwarebytes.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'%TEMP%\is-D2N2I.tmp\malwarebytes.tmp' /SL5="$30092,9041948,54272,%TEMP%\7ZipSfx.000\malwarebytes.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\Malwarebytes' Anti-Malware\mbamext.dll"

Изменения в файловой системе:

Создает следующие файлы:

%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-H5SNT.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-QJOBT.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2R67O.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-4521O.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2MPA8.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-QAH0A.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-0NCB8.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-SSO56.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-9NSS6.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6NILI.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-7LK50.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-21GLU.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6DIBA.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-9C2VF.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-GH16O.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-SEB77.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-BIQ61.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-AENI4.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-J4EH7.tmp
%ALLUSERSPROFILE%\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
<DRIVERS>\is-EJI38.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-STGAS.tmp
%ALLUSERSPROFILE%\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
%ProgramFiles%\Malwarebytes' Anti-Malware\unins000.dat
%TEMP%\~DF4D71.tmp
%ALLUSERSPROFILE%\Desktop\Malwarebytes' Anti-Malware.lnk
%ProgramFiles%\Malwarebytes' Anti-Malware\unins000.msg
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-8VSCH.tmp
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-U4EEJ.tmp
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-7T0RB.tmp
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-309B5.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TVF15.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-QGRQ1.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-7OITC.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-UBP77.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-AKOJQ.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-E54KM.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\mbamext.dll
<DRIVERS>\mbam.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\is-JTUCT.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-132KU.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TEL3N.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-P9KF0.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-QRQKD.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-7D48T.tmp
%TEMP%\is-39G87.tmp\_isetup\_RegDLL.tmp
%TEMP%\is-39G87.tmp\_isetup\_shfoldr.dll
%TEMP%\7ZipSfx.000\malwarebytes.exe
%TEMP%\is-D2N2I.tmp\malwarebytes.tmp
%TEMP%\is-39G87.tmp\mbam.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-MGRHQ.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TS89P.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-00CDV.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\is-URA72.tmp
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\is-CUH1O.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-5UUNU.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-FG6MM.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-TSPIJ.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-H246E.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2R6KM.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-1HLVB.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-B9AIT.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-M66VR.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-TUK1S.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6S2IP.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-B4RFL.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-NF72O.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-JN0NS.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-0SEF5.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-U0TVP.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-G96MS.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-945OT.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-4NS71.tmp

Удаляет следующие файлы:

%TEMP%\is-39G87.tmp\mbam.dll
%TEMP%\~DF4D71.tmp
%TEMP%\is-39G87.tmp\_isetup\_shfoldr.dll
%TEMP%\is-39G87.tmp\_isetup\_RegDLL.tmp
%ProgramFiles%\Malwarebytes' Anti-Malware\mbamext-32.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\mbam-filter-32.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\mbam-ssdt-32.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\mbamext-64.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\mbam-filter-64.sys

Перемещает следующие файлы:

%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-4521O.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\romanian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2R67O.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-SEB77.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-H5SNT.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\russian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-SSO56.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\slovenian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2MPA8.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\slovak.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-QJOBT.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\serbian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-GH16O.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\polish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6NILI.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\korean.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6DIBA.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\italian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-21GLU.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\hungarian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-7LK50.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\latvian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-AENI4.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\norwegian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-BIQ61.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\macedonian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-9C2VF.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\is-AKOJQ.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamnet.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-UBP77.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamcore.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TVF15.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-QGRQ1.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\ssubtmr6.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-STGAS.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamservice.exe
<DRIVERS>\is-EJI38.tmp в <DRIVERS>\mbamswissarmy.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\is-7OITC.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-U4EEJ.tmp в %ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-0NCB8.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\turkish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-QAH0A.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\swedish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-9NSS6.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\spanish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-J4EH7.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\vietnamese.lng
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-8VSCH.tmp в %ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-309B5.tmp в %ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\config.conf
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\is-7T0RB.tmp в %ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\build.conf
%ProgramFiles%\Malwarebytes' Anti-Malware\is-P9KF0.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\changes.rtf
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TEL3N.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\license.txt
%ProgramFiles%\Malwarebytes' Anti-Malware\is-7D48T.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.chm
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\is-CUH1O.tmp в %ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-6S2IP.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\bosnian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-JN0NS.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\belarusian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-NF72O.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\arabic.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\is-QRQKD.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamgui.exe
%ProgramFiles%\Malwarebytes' Anti-Malware\is-MGRHQ.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam-filter-32.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\is-URA72.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam-ssdt-32.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\is-00CDV.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\unins000.exe
%ProgramFiles%\Malwarebytes' Anti-Malware\is-TS89P.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam-filter-64.sys
%ProgramFiles%\Malwarebytes' Anti-Malware\is-132KU.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
%ProgramFiles%\Malwarebytes' Anti-Malware\is-E54KM.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamext-64.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\is-JTUCT.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\mbamext-32.dll
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-2R6KM.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\finnish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-FG6MM.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\estonian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-5UUNU.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\english.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-M66VR.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\french.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-B9AIT.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\hebrew.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-1HLVB.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\greek.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-TUK1S.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\german.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-H246E.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\dutch.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-945OT.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-0SEF5.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\catalan.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-B4RFL.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-4NS71.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-TSPIJ.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\danish.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-G96MS.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\czech.lng
%ProgramFiles%\Malwarebytes' Anti-Malware\Languages\is-U0TVP.tmp в %ProgramFiles%\Malwarebytes' Anti-Malware\Languages\croatian.lng

Другое:

Ищет следующие окна:

ClassName: 'Shell_TrayWnd' WindowName: ''

Технологии

Термины

Обучение и просвещение

Мифы

Техническая информация

Рекомендации по лечению

Демо бесплатно на 14 дней