用户服务中心

Close

My library

+ Add to library

24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

New ticket

Call us

+7 (495) 789-45-86

RU CN DE EN ES FR IT JP KZ UZ PL BY

Close

服务

扫描仪

Dr.Web vxCube

试用

打开分析仪

计算机病毒事件调查

病毒知识库

知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

新闻

Linux.Packed.523

Added to the Dr.Web virus database: 2019-07-16

Virus description added: 2019-07-16

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

/etc/cron.hourly/anacron

Malicious functions:

Removes itself

Launches processes:

/bin/sh -c ([crypto] &)
[crypto]
/bin/sh -c touch -r /etc/cron.hourly/0anacron /etc/cron.hourly/anacron
touch -r /etc/cron.hourly/0anacron /etc/cron.hourly/anacron
/bin/sh -c id
id
/bin/sh -c uname -a
uname -a

Performs operations with the file system:

Creates or modifies files:

/tmp/.4922efcbb2e3ba85f575e37d2d808d2d
/usr/local/sbin/[crypto]

Deletes files:

/usr/local/sbin/[crypto]
/tmp/.4922efcbb2e3ba85f575e37d2d808d2d
/tmp/.lang-unix

Network activity:

Establishes connection:

8.#.8.8:53

HTTP POST requests:

45.##.##9.124/v2/index.php

DNS ASK:

m.####dserver.com
a.####dserver.com

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number