Trojan.MulDrop32.4834

Technical Information

Malicious functions

Launches a large number of processes

Modifies file system

Creates the following files

%TEMP%\nsy8f35.tmp
%HOMEPATH%\cumberworld\popsanger\bortkrsel.cer
%HOMEPATH%\cumberworld\popsanger\edit-clear-all.png
%HOMEPATH%\cumberworld\popsanger\anastigmat251\coauthored138\repreparing\haarfager.rac
%TEMP%\nsddc6b.tmp\nsexec.dll
%TEMP%\nsddc6b.tmp\system.dll

Miscellaneous

Searches for the following windows

ClassName: '#32770' WindowName: ''
ClassName: 'SysListView32' WindowName: ''

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c set /a "0xB39BD251^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD1B7AE6D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEA976^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEA033^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AAAF57E^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4F4E93F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x949FEC73^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97BDA876^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F2E93F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B12F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEBAC3F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B32F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEAC3F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91FEF22E^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEBA032^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x94BBA876^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBF3B39B^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x96AAE56D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x9D8EEF76^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8C98E973^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D27A^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD0B7A06D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x99BAC676^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD6ACB132^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEA932^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91FEB067^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCDF2A076^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8B7A02B^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D37A^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCCEEA96F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EFB62F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F7E931^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D676^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B82F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBD92B32D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91ACB13F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4C36D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97BDD737^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB7EC7A^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xB9F6ED3F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97A9D06D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEAA033^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x9DBFF47A^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD6ACB332^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8B7A02F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8DADE56D^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x88FEB033^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4FEE93F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEAC3F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBECBA25^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F2A076^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xAFB7EE7B^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBBBFEC73^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEB02F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x80E6B02F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4B7A02F^-119635937"
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBF3B39B^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D27A^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97A9D06D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97BDD737^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEBA032^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD6ACB332^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEA976^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91ACB13F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4B7A02F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8DADE56D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD1B7AE6D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91FEF22E^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F2A076^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x99BAC676^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCBECBA25^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x94BBA876^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4F4E93F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEBAC3F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCCEEA96F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EFB62F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD4FEE93F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8B7A02B^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x88FEB033^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEAC3F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEB02F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xAFB7EE7B^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBBBFEC73^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8C98E973^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x96AAE56D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x80E6B02F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEA033^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D676^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F7E931^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B82F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xB9F6ED3F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBD92B32D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4C36D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x9DBFF47A^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xBEB7EC7A^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xCDF2A076^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xB39BD251^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD0B7A06D^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AAAF57E^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x9D8EEF76^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC2E4D37A^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD6ACB132^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x91FEB067^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8EEAC3F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B32F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8A6B12F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xC8F2E93F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x97BDA876^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x949FEC73^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0x8AEAA033^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8B7A02F^-119635937"' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /c set /a "0xD8EEA932^-119635937"' (with hidden window)

技术

术语

教育培训

误区

Technical Information

Curing recommendations

Free trial