用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Win32.Bolik.2

Added to the Dr.Web virus database: 2019-03-11

Virus description added: 2020-02-07

Technical Information

Malicious functions

Injects code into

the following system processes:

%WINDIR%\explorer.exe

Modifies file system

Creates the following files

%LOCALAPPDATA%\ybhaycla
%LOCALAPPDATA%\viqahidiy\shlwapi.dll
%LOCALAPPDATA%\viqahidiy\msvcrt.dll
%LOCALAPPDATA%\viqahidiy\user32.dll
%LOCALAPPDATA%\viqahidiy\gdi32.dll
%LOCALAPPDATA%\viqahidiy\advapi32.dll
%LOCALAPPDATA%\viqahidiy\iqmoqeqe.myr
%LOCALAPPDATA%\yrhinuy\dnsapi.dll
%LOCALAPPDATA%\yrhinuy\powrprof.dll
%LOCALAPPDATA%\yrhinuy\user32.dll
%LOCALAPPDATA%\yrhinuy\rpcrt4.dll
%LOCALAPPDATA%\yrhinuy\msvcrt.dll
%LOCALAPPDATA%\yrhinuy\tydyaqpo.ost
%LOCALAPPDATA%\radabioqh\shlwapi.dll
%LOCALAPPDATA%\radabioqh\msvcrt.dll
%LOCALAPPDATA%\radabioqh\byloup.cay
%LOCALAPPDATA%\kaliolylm\msvcrt.dll
%LOCALAPPDATA%\kaliolylm\bayzz.roi
%LOCALAPPDATA%\viqahidiy\ole32.dll
%LOCALAPPDATA%\viqahidiy\comctl32.dll

Deletes the following files

%LOCALAPPDATA%\kaliolylm\bayzz.roi
%LOCALAPPDATA%\viqahidiy\runonce.exe
%LOCALAPPDATA%\viqahidiy\ole32.dll
%LOCALAPPDATA%\viqahidiy\msvcrt.dll
%LOCALAPPDATA%\viqahidiy\iqmoqeqe.myr
%LOCALAPPDATA%\viqahidiy\gdi32.dll
%LOCALAPPDATA%\viqahidiy\comctl32.dll
%LOCALAPPDATA%\viqahidiy\advapi32.dll
%LOCALAPPDATA%\yrhinuy\user32.dll
%LOCALAPPDATA%\yrhinuy\tydyaqpo.ost
%LOCALAPPDATA%\viqahidiy\shlwapi.dll
%LOCALAPPDATA%\yrhinuy\spoolsv.exe
%LOCALAPPDATA%\yrhinuy\powrprof.dll
%LOCALAPPDATA%\yrhinuy\msvcrt.dll
%LOCALAPPDATA%\yrhinuy\dnsapi.dll
%LOCALAPPDATA%\radabioqh\shlwapi.dll
%LOCALAPPDATA%\radabioqh\regedt32.exe
%LOCALAPPDATA%\radabioqh\msvcrt.dll
%LOCALAPPDATA%\radabioqh\byloup.cay
%LOCALAPPDATA%\kaliolylm\msvcrt.dll
%LOCALAPPDATA%\kaliolylm\ctfmon.exe
%LOCALAPPDATA%\yrhinuy\rpcrt4.dll
%LOCALAPPDATA%\viqahidiy\user32.dll

Network activity

UDP

DNS ASK sy###time.info

Miscellaneous

Creates and executes the following

'%LOCALAPPDATA%\kaliolylm\ctfmon.exe'
'%LOCALAPPDATA%\radabioqh\regedt32.exe'
'%LOCALAPPDATA%\yrhinuy\spoolsv.exe'
'%LOCALAPPDATA%\viqahidiy\runonce.exe'

Executes the following

'<SYSTEM32>\svchost.exe'