Trojan.DownLoader26.57892

Добавлен в вирусную базу Dr.Web: 2018-07-15

Описание добавлено: 2018-07-14

Technical Information

Modifies file system:

Creates the following files:

%TEMP%\aut1.tmp
%ProgramFiles%\AnyToISO\languages\is-B1TGK.tmp
%ProgramFiles%\AnyToISO\languages\is-I1RJP.tmp
%ProgramFiles%\AnyToISO\languages\is-LREEQ.tmp
%ProgramFiles%\AnyToISO\languages\is-8G2EA.tmp
%ProgramFiles%\AnyToISO\languages\is-LUR50.tmp
%ProgramFiles%\AnyToISO\languages\is-CG6KK.tmp
%ProgramFiles%\AnyToISO\languages\is-FINQ2.tmp
%ProgramFiles%\AnyToISO\languages\is-TPC9I.tmp
%ProgramFiles%\AnyToISO\languages\is-LOJSA.tmp
%ProgramFiles%\AnyToISO\languages\is-SO7K8.tmp
%ProgramFiles%\AnyToISO\languages\is-N9NF5.tmp
%ProgramFiles%\AnyToISO\languages\is-MDG5V.tmp
%ProgramFiles%\AnyToISO\is-B70GC.tmp
%ProgramFiles%\AnyToISO\unins000.msg
%ProgramFiles%\AnyToISO\is-INF2Q.tmp
%ProgramFiles%\AnyToISO\is-HCEB9.tmp
%ProgramFiles%\AnyToISO\is-EN2IQ.tmp
%ProgramFiles%\AnyToISO\platforms\is-UQ7AP.tmp
%ProgramFiles%\AnyToISO\is-OA4TQ.tmp
%ProgramFiles%\AnyToISO\is-PTU57.tmp
%ProgramFiles%\AnyToISO\is-U5UJG.tmp
%ALLUSERSPROFILE%\Start Menu\Programs\AnyToISO\AnyToISO.lnk
%ALLUSERSPROFILE%\Start Menu\Programs\AnyToISO\AnyToISO on the Web.lnk
%HOMEPATH%\Desktop\AnyToISO.lnk
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\AnyToISO.lnk
%ProgramFiles%\AnyToISO\anytoiso.url
%ProgramFiles%\AnyToISO\languages\is-SFBGE.tmp
%ProgramFiles%\AnyToISO\languages\is-JM39B.tmp
%ProgramFiles%\AnyToISO\languages\is-EEOCL.tmp
%ProgramFiles%\AnyToISO\languages\is-F64BN.tmp
%TEMP%\anysetup.exe
%TEMP%\aut2.tmp
%TEMP%\any.exe
%TEMP%\is-MLIEA.tmp\anysetup.tmp
%ProgramFiles%\AnyToISO\is-T5AC8.tmp
%ProgramFiles%\AnyToISO\is-91MCD.tmp
%ProgramFiles%\AnyToISO\languages\is-838ID.tmp
%ProgramFiles%\AnyToISO\languages\is-4QQAO.tmp
%ProgramFiles%\AnyToISO\languages\is-H1D7M.tmp
%ProgramFiles%\AnyToISO\languages\is-E1M8M.tmp
%ProgramFiles%\AnyToISO\languages\is-TNVUQ.tmp
%ProgramFiles%\AnyToISO\languages\is-7973O.tmp
%ProgramFiles%\AnyToISO\languages\is-CFTVR.tmp
%ProgramFiles%\AnyToISO\languages\is-2F70E.tmp
%ProgramFiles%\AnyToISO\languages\is-3JB1L.tmp
%ProgramFiles%\AnyToISO\languages\is-C5KT1.tmp
%ProgramFiles%\AnyToISO\languages\is-V1P13.tmp
%ProgramFiles%\AnyToISO\languages\is-7KJTL.tmp
%ProgramFiles%\AnyToISO\languages\is-O21LN.tmp
%ProgramFiles%\AnyToISO\languages\is-A2ISA.tmp
%ProgramFiles%\AnyToISO\languages\is-2EF4H.tmp
%ProgramFiles%\AnyToISO\languages\is-L73HS.tmp
%ProgramFiles%\AnyToISO\languages\is-V0L9O.tmp
%ProgramFiles%\AnyToISO\languages\is-0LGBC.tmp
%ProgramFiles%\AnyToISO\languages\is-CPB6Q.tmp
%ProgramFiles%\AnyToISO\languages\is-NHRG6.tmp
%ProgramFiles%\AnyToISO\languages\is-HPANU.tmp
%ProgramFiles%\AnyToISO\unins000.dat

Deletes the following files:

%TEMP%\aut1.tmp
%TEMP%\aut2.tmp

Moves the following files:

from %ProgramFiles%\AnyToISO\is-T5AC8.tmp to %ProgramFiles%\AnyToISO\unins000.exe
from %ProgramFiles%\AnyToISO\languages\is-SFBGE.tmp to %ProgramFiles%\AnyToISO\languages\Latvian.xml
from %ProgramFiles%\AnyToISO\languages\is-B1TGK.tmp to %ProgramFiles%\AnyToISO\languages\Lithuanian.xml
from %ProgramFiles%\AnyToISO\languages\is-I1RJP.tmp to %ProgramFiles%\AnyToISO\languages\Persian.xml
from %ProgramFiles%\AnyToISO\languages\is-LREEQ.tmp to %ProgramFiles%\AnyToISO\languages\Polish.xml
from %ProgramFiles%\AnyToISO\languages\is-8G2EA.tmp to %ProgramFiles%\AnyToISO\languages\Portuguese.xml
from %ProgramFiles%\AnyToISO\languages\is-LUR50.tmp to %ProgramFiles%\AnyToISO\languages\Portuguese_Brazilian.xml
from %ProgramFiles%\AnyToISO\languages\is-CG6KK.tmp to %ProgramFiles%\AnyToISO\languages\Romanian.xml
from %ProgramFiles%\AnyToISO\languages\is-FINQ2.tmp to %ProgramFiles%\AnyToISO\languages\Russian.xml
from %ProgramFiles%\AnyToISO\languages\is-TPC9I.tmp to %ProgramFiles%\AnyToISO\languages\Serbian.xml
from %ProgramFiles%\AnyToISO\languages\is-SO7K8.tmp to %ProgramFiles%\AnyToISO\languages\Swedish.xml
from %ProgramFiles%\AnyToISO\is-PTU57.tmp to %ProgramFiles%\AnyToISO\msvcr120.dll
from %ProgramFiles%\AnyToISO\languages\is-N9NF5.tmp to %ProgramFiles%\AnyToISO\languages\Turkish.xml
from %ProgramFiles%\AnyToISO\languages\is-MDG5V.tmp to %ProgramFiles%\AnyToISO\languages\Ukrainian.xml
from %ProgramFiles%\AnyToISO\languages\is-JM39B.tmp to %ProgramFiles%\AnyToISO\languages\Vietnamese.xml
from %ProgramFiles%\AnyToISO\is-B70GC.tmp to %ProgramFiles%\AnyToISO\Qt5Core.dll
from %ProgramFiles%\AnyToISO\is-INF2Q.tmp to %ProgramFiles%\AnyToISO\Qt5Gui.dll
from %ProgramFiles%\AnyToISO\is-HCEB9.tmp to %ProgramFiles%\AnyToISO\Qt5Network.dll
from %ProgramFiles%\AnyToISO\is-EN2IQ.tmp to %ProgramFiles%\AnyToISO\Qt5Widgets.dll
from %ProgramFiles%\AnyToISO\platforms\is-UQ7AP.tmp to %ProgramFiles%\AnyToISO\platforms\qwindows.dll
from %ProgramFiles%\AnyToISO\is-OA4TQ.tmp to %ProgramFiles%\AnyToISO\msvcp120.dll
from %ProgramFiles%\AnyToISO\languages\is-EEOCL.tmp to %ProgramFiles%\AnyToISO\languages\Korean.xml
from %ProgramFiles%\AnyToISO\languages\is-LOJSA.tmp to %ProgramFiles%\AnyToISO\languages\Spanish.xml
from %ProgramFiles%\AnyToISO\languages\is-HPANU.tmp to %ProgramFiles%\AnyToISO\languages\Japanese.xml
from %ProgramFiles%\AnyToISO\languages\is-3JB1L.tmp to %ProgramFiles%\AnyToISO\languages\Danish.xml
from %ProgramFiles%\AnyToISO\is-91MCD.tmp to %ProgramFiles%\AnyToISO\anytoiso.exe
from %ProgramFiles%\AnyToISO\languages\is-838ID.tmp to %ProgramFiles%\AnyToISO\languages\Arabic.xml
from %ProgramFiles%\AnyToISO\languages\is-4QQAO.tmp to %ProgramFiles%\AnyToISO\languages\Armenian.xml
from %ProgramFiles%\AnyToISO\languages\is-H1D7M.tmp to %ProgramFiles%\AnyToISO\languages\Azerbaijani.xml
from %ProgramFiles%\AnyToISO\languages\is-E1M8M.tmp to %ProgramFiles%\AnyToISO\languages\Bulgarian.xml
from %ProgramFiles%\AnyToISO\languages\is-TNVUQ.tmp to %ProgramFiles%\AnyToISO\languages\Chinese_Simplified.xml
from %ProgramFiles%\AnyToISO\languages\is-7973O.tmp to %ProgramFiles%\AnyToISO\languages\Chinese_Traditional.xml
from %ProgramFiles%\AnyToISO\languages\is-F64BN.tmp to %ProgramFiles%\AnyToISO\languages\Croatian.xml
from %ProgramFiles%\AnyToISO\languages\is-CFTVR.tmp to %ProgramFiles%\AnyToISO\languages\Czech.xml
from %ProgramFiles%\AnyToISO\languages\is-C5KT1.tmp to %ProgramFiles%\AnyToISO\languages\Dutch.xml
from %ProgramFiles%\AnyToISO\languages\is-NHRG6.tmp to %ProgramFiles%\AnyToISO\languages\Indonesian.xml
from %ProgramFiles%\AnyToISO\languages\is-V1P13.tmp to %ProgramFiles%\AnyToISO\languages\English.xml
from %ProgramFiles%\AnyToISO\languages\is-7KJTL.tmp to %ProgramFiles%\AnyToISO\languages\Estonian.xml
from %ProgramFiles%\AnyToISO\languages\is-O21LN.tmp to %ProgramFiles%\AnyToISO\languages\Finnish.xml
from %ProgramFiles%\AnyToISO\languages\is-A2ISA.tmp to %ProgramFiles%\AnyToISO\languages\French.xml
from %ProgramFiles%\AnyToISO\languages\is-2EF4H.tmp to %ProgramFiles%\AnyToISO\languages\Georgian.xml
from %ProgramFiles%\AnyToISO\languages\is-L73HS.tmp to %ProgramFiles%\AnyToISO\languages\German.xml
from %ProgramFiles%\AnyToISO\languages\is-V0L9O.tmp to %ProgramFiles%\AnyToISO\languages\Greek.xml
from %ProgramFiles%\AnyToISO\languages\is-0LGBC.tmp to %ProgramFiles%\AnyToISO\languages\Hebrew.xml
from %ProgramFiles%\AnyToISO\languages\is-CPB6Q.tmp to %ProgramFiles%\AnyToISO\languages\Hungarian.xml
from %ProgramFiles%\AnyToISO\languages\is-2F70E.tmp to %ProgramFiles%\AnyToISO\languages\Italian.xml
from %ProgramFiles%\AnyToISO\is-U5UJG.tmp to %ProgramFiles%\AnyToISO\anyshellext_x86.dll

Miscellaneous:

Creates and executes the following:

'%TEMP%\anysetup.exe' /VERYSILENT /NORESTART
'%TEMP%\is-MLIEA.tmp\anysetup.tmp' /SL5="$100E0,7252782,197120,%TEMP%\anysetup.exe" /VERYSILENT /NORESTART
'%ProgramFiles%\AnyToISO\anytoiso.exe' /help
'%ProgramFiles%\AnyToISO\anytoiso.exe'

Executes the following:

'<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\AnyToISO\anyshellext_x86.dll"

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней