Trojan.Click3.29908

Trojan.Click3.29908

Добавлен в вирусную базу Dr.Web: 2021-09-07

Описание добавлено: 2021-09-09

Technical Information

Malicious functions

Executes the following

'%ProgramFiles(x86)%\internet explorer\iexplore.exe' http://op####63.vhyx.cn/

Modifies file system

Creates the following files

%TEMP%\bt1586.bat
%LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012021090720210908\index.dat

Sets the 'hidden' attribute to the following files

%TEMP%\bt1586.bat

Deletes the following files

%TEMP%\bt1586.bat

Modifies the following files

Network activity

Connects to

'op####63.vhyx.cn':80
'v2########.oss-cn-hangzhou.aliyuncs.com':80
'sy.#hyx.cn':80

TCP

HTTP GET requests

http://op####63.vhyx.cn/
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210427/60876d1e8ea0c.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210906/6135cca4aa6e3.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210906/6135ccb2bfcf4.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210906/6135de0f14f61.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210906/6135de19a1c7d.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210907/6136fcf75a65f.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210904/613318e0085ce.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210907/6136fd49b8de6.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/news/20210906/6135e6250816f.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/news/20191203/5de5c660c04e3.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201223/5fe33f9c7e539.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210122/600a646ff25d4.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210421/607f831f40121.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210521/60a73b4fe9f15.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/card/20210907/6136fd5975b24.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210325/605c5ea19d5ba.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210609/60c0a35cbafc6.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201201/5fc5eeffa1970.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210415/6078267abbd1d.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201125/5fbe2a584b5ba.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210414/607691bb19001.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210125/600ea194c4a3c.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210327/605ea647065e2.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210723/60fa31c3d7618.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/content/20210813/61162200855d8.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/content/20200929/5f72a6839c3d4.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210902/613028494e258.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210903/6131739815fa2.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210902/6130551fcc42b.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210901/612f4fdad4fcf.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210906/6135bb5642aec.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210903/61317f0b43786.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210907/61370d7a986e4.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210421/607fd8ea26c7c.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/news/20191116/5dcf96cfed216.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210327/605ea64ea712a.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210720/60f6beef80eb5.png
http://op####63.vhyx.cn/themes/simplebootx/Public/fonts/iconfont.eot?
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/iconfont.eot?
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/layer/skin/default/layer.css?v=#########
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/geren.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/geren.css
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/yonghu.css
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/images/android.png
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/jquery.flexslider-min.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/index.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/lyz.delayLoading.min.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/layer/layer.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/index.css
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/js/jquery-1.10.2.min.js
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/style.css
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/css/flexslider.css
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/images/apple.png
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/img/img-new-hot.jpg
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/img/arr.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201130/5fc486511fc55.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201010/5f817eee12b14.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201019/5f8d421ae614d.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20201223/5fe33f972bc8c.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210421/607f831732585.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210521/60a73b466e130.jpg
http://sy.#hyx.cn/themes/simplebootx/Public/sub/images/logo.png?16########
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/content/20210507/6094c7d7683db.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210728/61015828c2b91.gif
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/content/20210507/6094d773956d2.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210421/607fd8b84de7a.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/content/20210813/61162690914d9.jpg
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210720/60f6bee818fd1.png
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/images/jt-right.png
http://op####63.vhyx.cn/themes/simplebootx/Public/sub/images/jt-left.png
http://v2########.oss-cn-hangzhou.aliyuncs.com/data/upload/game/20210723/60fa31c9c6690.jpg
http://op####63.vhyx.cn/favicon.ico

UDP

DNS ASK op####63.vhyx.cn
DNS ASK v2########.oss-cn-hangzhou.aliyuncs.com
DNS ASK sy.#hyx.cn

Miscellaneous

Searches for the following windows

ClassName: 'Static' WindowName: ''
ClassName: 'MS_AutodialMonitor' WindowName: ''
ClassName: 'MS_WebCheckMonitor' WindowName: ''

Creates and executes the following

'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt1586.bat' (with hidden window)

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c %TEMP%\bt1586.bat

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней