Win32.HLLW.Autoruner1.11771
Added to the Dr.Web virus database:
2012-02-11
Virus description added:
2012-03-02
Technical Information
To ensure autorun and distribution:
Modifies the following registry keys:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'KB00801295.exe' = '"%APPDATA%\KB00801295.exe"'
Malicious functions:
Creates and executes the following:
Injects code into a large number of user processes.
Modifies file system:
Creates the following files:
- %TEMP%\POS1.tmp.BAT
- %APPDATA%\KB00801295.exe
Deletes itself.
Network activity:
Connects to:
- 'oh####hwjtzihdka.ru':8080
- 'st####juvwqvlmvj.ru':8080
- 'kz####ghktuuzzgz.ru':8080
- 'qn####iedetxhdyq.ru':8080
- 'wb####crbkrkjftn.ru':8080
- 'eo####uwkjskhvki.ru':8080
- 'mj####geawadmrya.ru':8080
- 'wy####rlaewoaecg.ru':8080
- 'ui####xqqbaowfuz.ru':8080
- 'kj####bgadkfnoyw.ru':8080
- 'gt####zvjshxuvle.ru':8080
- 'yl####sxdsvtkygo.ru':8080
- 'rg####ofrilwygvh.ru':8080
- 'ay####mrlmymcwkh.ru':8080
- 'an####elnidmzueo.ru':8080
- 'mc####uyhzvzjxbj.ru':8080
- 'wi####jkinewgycb.ru':8080
- 'hb####cnsuiwgtrq.ru':8080
- 'ax####fbraskytvs.ru':8080
- 'wf####paxvulfdtn.ru':8080
- 'hm####wkvayilcwh.ru':8080
- 'xv####estulhtvqz.ru':8080
- 'hj####xsutdctjol.ru':8080
- 'sk####ujlpedxxsl.ru':8080
- 'xk####fpftrtdcrf.ru':8080
- 'qt####bqfohcpwft.ru':8080
- 'vj####ecxaomkytb.ru':8080
- 'tw####wpluclcqcj.ru':8080
- 'lz####vmrbwdcpha.ru':8080
- 'ta####bbztqnyngq.ru':8080
- 'vz####swhqlswkji.ru':8080
UDP:
- DNS ASK st####juvwqvlmvj.ru
- DNS ASK oh####hwjtzihdka.ru
- DNS ASK wy####rlaewoaecg.ru
- DNS ASK kz####ghktuuzzgz.ru
- DNS ASK eo####uwkjskhvki.ru
- DNS ASK wb####crbkrkjftn.ru
- DNS ASK qn####iedetxhdyq.ru
- DNS ASK mj####geawadmrya.ru
- DNS ASK kj####bgadkfnoyw.ru
- DNS ASK ui####xqqbaowfuz.ru
- DNS ASK xi####gcdfddgrct.ru
- DNS ASK gt####zvjshxuvle.ru
- DNS ASK ay####mrlmymcwkh.ru
- DNS ASK rg####ofrilwygvh.ru
- DNS ASK yl####sxdsvtkygo.ru
- DNS ASK an####elnidmzueo.ru
- DNS ASK mc####uyhzvzjxbj.ru
- DNS ASK wi####jkinewgycb.ru
- DNS ASK hb####cnsuiwgtrq.ru
- DNS ASK ax####fbraskytvs.ru
- DNS ASK wf####paxvulfdtn.ru
- DNS ASK hm####wkvayilcwh.ru
- DNS ASK xv####estulhtvqz.ru
- DNS ASK hj####xsutdctjol.ru
- DNS ASK sk####ujlpedxxsl.ru
- DNS ASK xk####fpftrtdcrf.ru
- DNS ASK qt####bqfohcpwft.ru
- DNS ASK vj####ecxaomkytb.ru
- DNS ASK tw####wpluclcqcj.ru
- DNS ASK lz####vmrbwdcpha.ru
- DNS ASK ta####bbztqnyngq.ru
- DNS ASK vz####swhqlswkji.ru
- '<Private IP address>':1035
Miscellaneous:
Searches for the following windows:
- ClassName: 'Indicator' WindowName: ''
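Triage logic for the indicators listed above, added here as an example; it is not Dr.Web's code and was not derived from the sample itself. It runs over constructed Sysmon-style events (dicts) so it works offline; the event field names, the concrete profile directories that map back to %APPDATA% and %TEMP%, the domains in the sample events, the sixteen-lowercase-letter .ru domain shape (the entry masks four characters of every domain, so only the shape is usable) and the three-distinct-domain threshold are all assumptions, not facts from the entry.

```python
import re
from collections import Counter

# Indicators copied from the entry above; %APPDATA% and %TEMP% kept symbolic.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "KB00801295.exe"
DROPPED_FILES = {r"%APPDATA%\KB00801295.exe".lower(), r"%TEMP%\POS1.tmp.BAT".lower()}
C2_PORT = 8080
# Every domain in the entry is masked ('oh####hwjtzihdka.ru'), so only the
# shape can be matched: sixteen lowercase letters directly under .ru (assumption).
C2_DOMAIN_SHAPE = re.compile(r"^[a-z]{16}\.ru$")

# Concrete profile directories folded back to the variable form used in the
# entry. Covers the Vista+ layout and the XP layout still common in 2012 (assumption).
_PROFILE_DIRS = [
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming", re.I), "%APPDATA%"),
    (re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp", re.I), "%TEMP%"),
    (re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\application data", re.I), "%APPDATA%"),
    (re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp", re.I), "%TEMP%"),
]


def normalize_path(path):
    """Lower-case a path and replace a known profile prefix with %APPDATA% or %TEMP%."""
    for pattern, var in _PROFILE_DIRS:
        path, n = pattern.subn(var, path, count=1)
        if n:
            break
    return path.lower()


def check_event(ev):
    """Return the indicator names one event matches (empty list if none)."""
    hits = []
    kind = ev.get("event")
    if kind == "registry_set":
        key = ev["key"].replace("HKEY_CURRENT_USER", "HKCU")
        if key.lower() == RUN_KEY.lower() and ev["value_name"].lower() == RUN_VALUE.lower():
            hits.append("autorun_run_key")
    elif kind == "file_create":
        if normalize_path(ev["path"]) in DROPPED_FILES:
            hits.append("dropped_file")
    elif kind == "dns_query":
        if C2_DOMAIN_SHAPE.match(ev["query"].lower()):
            hits.append("c2_domain_shape")
    elif kind == "network_connect":
        if ev.get("dst_port") == C2_PORT and C2_DOMAIN_SHAPE.match(ev.get("dst_host", "").lower()):
            hits.append("c2_connect_8080")
    return hits


def triage(events, min_domains=3):
    """Count hits per indicator and decide whether the host looks like this sample.

    A single sixteen-letter .ru lookup is weak evidence (legitimate domains can
    have that shape), so the DNS rule alone only fires once `min_domains`
    distinct shape-matching names are seen, mirroring the entry's long list of
    lookups. A Run-key or dropped-file hit is decisive on its own.
    """
    counts = Counter()
    domains = set()
    for ev in events:
        for hit in check_event(ev):
            counts[hit] += 1
            if hit == "c2_domain_shape":
                domains.add(ev["query"].lower())
    host_hit = counts["autorun_run_key"] + counts["dropped_file"] > 0
    network_hit = len(domains) >= min_domains or counts["c2_connect_8080"] > 0
    return {"counts": dict(counts), "distinct_domains": len(domains),
            "suspicious": host_hit or network_hit}


# Constructed sample events; the domains are invented and do not unmask the entry's.
SAMPLE_EVENTS = [
    {"event": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\POS1.tmp.BAT"},
    {"event": "file_create", "path": r"C:\Users\alice\AppData\Roaming\KB00801295.exe"},
    {"event": "registry_set",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "KB00801295.exe",
     "data": r'"C:\Users\alice\AppData\Roaming\KB00801295.exe"'},
    {"event": "dns_query", "query": "qwertyuiopasdfgh.ru"},
    {"event": "dns_query", "query": "zxcvbnmasdfghjkl.ru"},
    {"event": "dns_query", "query": "mnbvcxzlkjhgfdsa.ru"},
    {"event": "network_connect", "dst_host": "zxcvbnmasdfghjkl.ru", "dst_port": 8080},
    {"event": "dns_query", "query": "yandex.ru"},                                   # benign
    {"event": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\setup.log"},  # benign
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The path normalisation matters because the entry records the drop locations with environment variables while real telemetry carries the expanded per-user path; a rule that compares the raw string would miss every host. The DNS threshold is the caveat to keep in mind: the shape rule is a heuristic that covers the masked names, not an exact indicator, so treat a lone match as a lead rather than a verdict.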