Trojan.DownLoader10.10160

Technical Information

Malicious functions:

Creates and executes the following:

'%TEMP%\950911819.exe'
'%TEMP%\978910684.exe'
'%TEMP%\7226586.exe'
'%TEMP%\130220413.exe'
'%TEMP%\191717326.exe'
'%TEMP%\908110141.exe'
'%TEMP%\472604870.exe'
'%TEMP%\341999590.exe'
'%TEMP%\721345365.exe'
'%TEMP%\911018252.exe'
'%TEMP%\531245887.exe'
'%TEMP%\4952549.exe'
'%TEMP%\765098154.exe'
'%TEMP%\814459681.exe'
'%TEMP%\178761959.exe'
'%TEMP%\449523329.exe'
'%TEMP%\905912458.exe'
'%TEMP%\863504171.exe'
'%TEMP%\442887127.exe'
'%TEMP%\336073815.exe'
'%TEMP%\916541576.exe'
'%TEMP%\901815116.exe'
'%TEMP%\552239298.exe'
'%TEMP%\548194169.exe'
'%TEMP%\413381993.exe'
'%TEMP%\282297909.exe'
'%TEMP%\866863012.exe'
'%TEMP%\211573719.exe'
'%PROGRAM_FILES%\ww88.exe'
'%TEMP%\666825830.exe'
'%TEMP%\917175650.exe'
'%TEMP%\120120942.exe'
'%TEMP%\229525327.exe'
'%TEMP%\859723865.exe'
'%TEMP%\112030684.exe'
'%TEMP%\209299683.exe'
'%TEMP%\305431663.exe'
'%TEMP%\241343677.exe'
'%TEMP%\57169973.exe'
'%TEMP%\230662345.exe'
'%TEMP%\511654317.exe'
'%TEMP%\406205356.exe'
'%TEMP%\442928552.exe'
'%TEMP%\762734413.exe'
'%TEMP%\47719299.exe'
'%TEMP%\24585545.exe'
'%TEMP%\76855182.exe'
'%TEMP%\284982621.exe'
'%TEMP%\245985388.exe'
'%TEMP%\79763293.exe'
'%TEMP%\761597394.exe'
'%TEMP%\877955019.exe'
'%TEMP%\487610876.exe'
'%TEMP%\276892364.exe'
'%TEMP%\270256161.exe'
'%TEMP%\267982125.exe'
'%TEMP%\257300794.exe'
'%TEMP%\350841701.exe'
'%TEMP%\611424684.exe'
'%TEMP%\532610237.exe'
'%TEMP%\803688645.exe'
'%TEMP%\79763293.exe' (downloaded from the Internet)
'%TEMP%\229525327.exe' (downloaded from the Internet)
'%TEMP%\877955019.exe' (downloaded from the Internet)
'%TEMP%\120120942.exe' (downloaded from the Internet)
'%TEMP%\241343677.exe' (downloaded from the Internet)
'%TEMP%\230662345.exe' (downloaded from the Internet)
'%TEMP%\57169973.exe' (downloaded from the Internet)
'%TEMP%\76855182.exe' (downloaded from the Internet)
'%TEMP%\917175650.exe' (downloaded from the Internet)
'%TEMP%\209299683.exe' (downloaded from the Internet)
'%PROGRAM_FILES%\ww88.exe' (downloaded from the Internet)
'%TEMP%\267982125.exe' (downloaded from the Internet)
'%TEMP%\47719299.exe' (downloaded from the Internet)
'%TEMP%\901815116.exe' (downloaded from the Internet)
'%TEMP%\350841701.exe' (downloaded from the Internet)
'%TEMP%\282297909.exe' (downloaded from the Internet)
'%TEMP%\666825830.exe' (downloaded from the Internet)
'%TEMP%\211573719.exe' (downloaded from the Internet)
'%TEMP%\548194169.exe' (downloaded from the Internet)
'%TEMP%\866863012.exe' (downloaded from the Internet)
'%TEMP%\305431663.exe' (downloaded from the Internet)
'%TEMP%\257300794.exe' (downloaded from the Internet)
'%TEMP%\552239298.exe' (downloaded from the Internet)
'%TEMP%\916541576.exe' (downloaded from the Internet)
'%TEMP%\413381993.exe' (downloaded from the Internet)
'%TEMP%\442928552.exe' (downloaded from the Internet)
'%TEMP%\336073815.exe' (downloaded from the Internet)
'%TEMP%\863504171.exe' (downloaded from the Internet)
'%TEMP%\442887127.exe' (downloaded from the Internet)
'%TEMP%\406205356.exe' (downloaded from the Internet)
'%TEMP%\905912458.exe' (downloaded from the Internet)
'%TEMP%\487610876.exe' (downloaded from the Internet)
'%TEMP%\762734413.exe' (downloaded from the Internet)
'%TEMP%\449523329.exe' (downloaded from the Internet)
'%TEMP%\4952549.exe' (downloaded from the Internet)
'%TEMP%\814459681.exe' (downloaded from the Internet)
'%TEMP%\178761959.exe' (downloaded from the Internet)
'%TEMP%\511654317.exe' (downloaded from the Internet)
'%TEMP%\611424684.exe' (downloaded from the Internet)
'%TEMP%\531245887.exe' (downloaded from the Internet)
'%TEMP%\803688645.exe' (downloaded from the Internet)
'%TEMP%\532610237.exe' (downloaded from the Internet)
'%TEMP%\765098154.exe' (downloaded from the Internet)
'%TEMP%\130220413.exe' (downloaded from the Internet)
'%TEMP%\908110141.exe' (downloaded from the Internet)
'%TEMP%\472604870.exe' (downloaded from the Internet)
'%TEMP%\341999590.exe' (downloaded from the Internet)
'%TEMP%\24585545.exe' (downloaded from the Internet)
'%TEMP%\112030684.exe' (downloaded from the Internet)
'%TEMP%\276892364.exe' (downloaded from the Internet)
'%TEMP%\270256161.exe' (downloaded from the Internet)
'%TEMP%\859723865.exe' (downloaded from the Internet)
'%TEMP%\911018252.exe' (downloaded from the Internet)
'%TEMP%\7226586.exe' (downloaded from the Internet)
'%TEMP%\950911819.exe' (downloaded from the Internet)
'%TEMP%\191717326.exe' (downloaded from the Internet)
'%TEMP%\245985388.exe' (downloaded from the Internet)
'%TEMP%\721345365.exe' (downloaded from the Internet)
'%TEMP%\761597394.exe' (downloaded from the Internet)
'%TEMP%\284982621.exe' (downloaded from the Internet)
'%TEMP%\978910684.exe' (downloaded from the Internet)

Modifies file system :

Creates the following files:

%TEMP%\341999590.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a20[1].exe
%TEMP%\908110141.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a19[1].exe
%TEMP%\721345365.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a18[1].exe
%TEMP%\911018252.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a2[1].exe
%TEMP%\112030684.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a4[1].exe
%TEMP%\229525327.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a1[1].exe
%TEMP%\472604870.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a3[1].exe
%TEMP%\859723865.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a12[1].exe
%TEMP%\130220413.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a13[1].exe
%TEMP%\905912458.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a10[1].exe
%TEMP%\449523329.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a11[1].exe
%TEMP%\191717326.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a16[1].exe
%TEMP%\978910684.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a17[1].exe
%TEMP%\950911819.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a14[1].exe
%TEMP%\7226586.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a15[1].exe
%TEMP%\901815116.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c1[1].exe
%PROGRAM_FILES%\ww88.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a17[1].exe
%TEMP%\552239298.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a16[1].exe
%TEMP%\916541576.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a15[2].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a20[1].exe
%TEMP%\866863012.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\c1[1].exe
%TEMP%\282297909.exe
%TEMP%\666825830.exe
%TEMP%\211573719.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a19[1].exe
%TEMP%\230662345.exe
%TEMP%\241343677.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a10[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a8[1].exe
%TEMP%\917175650.exe
%TEMP%\120120942.exe
%TEMP%\57169973.exe
%TEMP%\209299683.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a13[1].exe
%TEMP%\413381993.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a14[1].exe
%TEMP%\548194169.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a11[1].exe
%TEMP%\305431663.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a12[1].exe
%TEMP%\276892364.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a10[1].exe
%TEMP%\270256161.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a9[1].exe
%TEMP%\877955019.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a8[1].exe
%TEMP%\76855182.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a11[1].exe
%TEMP%\284982621.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a14[1].exe
%TEMP%\245985388.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a13[1].exe
%TEMP%\24585545.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a12[1].exe
%TEMP%\761597394.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a2[1].exe
%TEMP%\267982125.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a3[1].exe
%TEMP%\350841701.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c1[1].html
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a1[1].exe
%TEMP%\47719299.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a6[1].exe
%TEMP%\79763293.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a7[1].exe
%TEMP%\257300794.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a4[1].exe
%TEMP%\442928552.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a5[1].exe
%TEMP%\765098154.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a5[1].exe
%TEMP%\531245887.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a3[1].exe
%TEMP%\814459681.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a4[1].exe
%TEMP%\178761959.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a6[1].exe
%TEMP%\336073815.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a8[1].exe
%TEMP%\863504171.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a9[1].exe
%TEMP%\4952549.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a7[1].exe
%TEMP%\442887127.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a17[1].exe
%TEMP%\406205356.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a18[1].exe
%TEMP%\762734413.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a15[1].exe
%TEMP%\487610876.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a16[1].exe
%TEMP%\803688645.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a1[2].exe
%TEMP%\511654317.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a2[1].exe
%TEMP%\611424684.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a19[1].exe
%TEMP%\532610237.exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a20[1].exe

Deletes the following files:

%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a8[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a7[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a9[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a11[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a10[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a1[2].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a3[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a4[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a5[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a6[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a18[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a15[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a19[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\c1[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a20[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a13[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a12[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a14[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a17[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a16[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a2[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a7[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a6[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a9[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a10[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a8[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a2[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a1[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a4[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a5[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a3[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a17[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a16[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a18[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a20[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a19[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\a12[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a11[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\a13[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\a15[1].exe
%HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\a14[1].exe

Moves itself:

from <Full path to virus> to %PROGRAM_FILES%\hjfguhio.txt

Network activity:

Connects to:

'www.pp##88.net':80
'www.bj##jh.com':80
'localhost':1036

TCP:

HTTP GET requests:

www.pp##88.net/wen/a14.exe
www.pp##88.net/wen/a15.exe
www.pp##88.net/wen/a13.exe
www.pp##88.net/wen/a11.exe
www.pp##88.net/wen/a12.exe
www.pp##88.net/wen/a16.exe
www.pp##88.net/wen/a20.exe
www.bj##jh.com/c1/c1.exe
www.pp##88.net/wen/a19.exe
www.pp##88.net/wen/a17.exe
www.pp##88.net/wen/a18.exe
www.pp##88.net/wen/a3.exe
www.pp##88.net/wen/a4.exe
www.pp##88.net/wen/a2.exe
www.bj##jh.com/c1/c1.html
www.pp##88.net/wen/a1.exe
www.pp##88.net/wen/a5.exe
www.pp##88.net/wen/a9.exe
www.pp##88.net/wen/a10.exe
www.pp##88.net/wen/a8.exe
www.pp##88.net/wen/a6.exe
www.pp##88.net/wen/a7.exe

UDP:

DNS ASK www.pp##88.net
DNS ASK www.bj##jh.com

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: '(null)'
ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
ClassName: 'MS_AutodialMonitor' WindowName: '(null)'

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней