用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY ID

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Win32.HLLP.Siggen.60

Added to the Dr.Web virus database: 2025-01-29

Virus description added: 2025-01-30

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'CTS' = '%WINDIR%\CTS.exe'

Infects the following executable files

<Drive name for removable media>:\calc.exe
%LOCALAPPDATA%\google\chrome\application\42.0.2311.135\delegate_execute.exe
%LOCALAPPDATA%\google\chrome\application\42.0.2311.135\installer\setup.exe
%LOCALAPPDATA%\google\chrome\application\42.0.2311.135\nacl64.exe
%LOCALAPPDATA%\google\chrome\application\chrome.exe
%APPDATA%\telegram desktop\telegram.exe
%APPDATA%\telegram desktop\unins000.exe
%APPDATA%\telegram desktop\updater.exe
%HOMEPATH%\desktop\dotnetfx45_full_setup.exe
%HOMEPATH%\desktop\winmine.exe
%HOMEPATH%\desktop\wrar520.exe

Modifies file system

Creates the following files

%TEMP%\yea07nxib6luxu0.exe
%WINDIR%\cts.exe
%TEMP%\jusched.log
%TEMP%\jds659759.tmp\jds659899.tmp

Moves the following files

from %TEMP%\jds659759.tmp\jds659899.tmp to %TEMP%\jds659759.tmp\yea07nxib6luxu0.exe

Network activity

Connects to

'ja#######d-secure.oracle.com':443

TCP

Other

'ja#######d-secure.oracle.com':443

UDP

DNS ASK ja#######d-secure.oracle.com

Miscellaneous

Creates and executes the following

'%TEMP%\yea07nxib6luxu0.exe'
'%WINDIR%\cts.exe'
'%TEMP%\jds659759.tmp\yea07nxib6luxu0.exe'