Trojan.DownLoader12.29235

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

%WINDIR%\Tasks\SA.DAT

Malicious functions:

Executes the following:

'<SYSTEM32>\svchost.exe' -k netsvcs

Modifies file system :

Creates the following files:

%CommonProgramFiles%\Microsoft Shared\Stationery\brvrjrke.exe
%CommonProgramFiles%\System\ado\tsektjkj.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\ehbebsrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\nsqjttkv.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\njbsvtll.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\sjwzlskk.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\res\lhbtcvlt.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\hltjtlne.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\jjjthqtn.exe
%PROGRAM_FILES%\FireFox\chrome\toolkit\content\global\cpow\ketssrzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bcwvzwbh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\czjevcet.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\xrljqjzn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\vkjljzrn.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bhrhnkht.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\tlcwjrwt.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bnbtzwxt.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\bzqlkhrh.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\qjllsjhl.exe
%CommonProgramFiles%\Microsoft Shared\Stationery\elwtjnbj.exe

Network activity:

Connects to:

'65.##2.133.151':139
'65.##2.63.150':139
'65.##2.51.181':139
'65.#62.8.2':139
'65.##2.32.23':139
'65.##2.140.159':139
'65.##2.47.10':139
'65.##2.52.228':139
'65.##2.54.81':139
'65.##2.183.172':139
'65.##2.137.120':139
'65.##2.251.111':139
'65.##2.62.69':139
'65.##2.119.238':139
'65.##2.110.43':139
'65.##2.102.192':139
'65.##2.49.91':139
'65.##2.245.150':139
'65.##2.116.223':139
'65.##2.44.218':139
'65.##2.162.208':139
'65.##2.16.150':139
'65.##2.32.74':139
'65.##2.57.205':445
'65.##2.224.57':445
'65.##2.105.165':445
'65.##2.62.84':139
'65.##2.204.138':139
'65.##2.27.169':445
'65.##2.166.169':445
'65.##2.225.51':445
'65.##2.169.77':445
'65.##2.122.33':445
'65.##2.77.95':445
'65.##2.103.123':139
'65.##2.115.99':139
'65.##2.171.112':139
'65.##2.72.147':139
'65.##2.111.201':139
'65.##2.97.18':139
'65.##2.30.150':139
'65.##2.217.10':139
'65.##2.62.201':139
'65.##2.97.52':139
'65.##2.35.219':139
'65.##2.5.126':139
'65.##2.146.53':445
'65.##2.156.145':445
'65.##2.155.99':445
'65.##2.49.11':445
'65.##2.74.13':445
'65.##2.172.156':445
'65.##2.14.218':445
'65.##2.143.119':445
'65.##2.221.1':445
'65.##2.6.173':445
'65.#62.1.6':445
'65.##2.1.222':445
'65.##2.85.13':445
'65.##2.20.134':445
'65.##2.87.245':445
'65.##2.100.40':445
'65.##2.29.170':445
'65.##2.163.194':445
'65.##2.233.196':445
'65.##2.159.36':445
'65.##2.191.98':445
'65.##2.214.243':445
'65.##2.45.219':445
'65.##2.169.77':139
'65.##2.166.169':139
'65.##2.77.95':139
'65.##2.27.169':139
'65.##2.122.33':139
'65.##2.225.51':139
'65.##2.142.220':139
'65.##2.192.142':139
'65.##2.187.216':139
'65.#62.2.89':139
'65.##2.230.82':139
'65.##2.224.57':139
'65.##2.165.91':445
'65.##2.61.165':445
'65.##2.91.81':445
'65.##2.210.248':445
'65.##2.35.73':445
'65.##2.90.191':445
'65.##2.105.165':139
'65.##2.57.205':139
'65.#62.7.97':445
'65.##2.186.168':445
'65.##2.1.137':445
'65.#62.2.89':445
'65.##2.42.228':139
'65.##2.103.242':139
'65.##2.39.225':139
'65.##2.76.250':139
'65.##2.154.77':139
'65.##2.11.21':139
'65.##2.174.184':139
'65.##2.24.146':139
'65.##2.184.188':139
'65.##2.34.251':139
'65.##2.42.234':139
'65.##2.195.145':139
'65.##2.211.208':139
'65.##2.81.250':139
'65.##2.94.135':139
'65.##2.82.88':139
'65.##2.194.217':139
'65.##2.87.119':139
'65.##2.128.185':139
'65.##2.222.165':139
'65.##2.209.189':139
'65.##2.1.231':139
'65.##2.149.95':139
'65.##2.155.110':139
'65.##2.91.234':139
'65.##2.13.132':139
'65.##2.69.21':139
'65.##2.169.68':139
'65.##2.195.91':139
'65.##2.231.179':139
'65.##2.250.124':139
'65.##2.79.112':139
'65.##2.74.145':139
'65.##2.255.62':139
'65.##2.168.147':139
'65.##2.127.131':139
'65.##2.245.127':139
'65.##2.177.189':139
'65.##2.144.61':139
'65.##2.19.169':139
'65.##2.184.245':139
'65.##2.32.116':139
'65.##2.92.148':139
'65.#62.56.8':139
'65.##2.97.159':139
'65.##2.45.141':139
'65.##2.251.111':445
'65.#62.8.2':445
'65.##2.44.218':445
'65.##2.162.208':445
'65.##2.116.223':445
'65.##2.32.23':445
'65.##2.140.159':445
'65.##2.183.172':445
'65.##2.133.151':445
'65.##2.51.181':445
'65.##2.63.150':445
'65.##2.32.74':445
'65.##2.192.142':445
'65.##2.102.192':445
'65.##2.142.220':445
'65.##2.230.82':445
'65.##2.187.216':445
'65.##2.49.91':445
'65.##2.245.150':445
'65.##2.16.150':445
'65.##2.119.238':445
'65.##2.110.43':445
'65.##2.62.69':445
'65.##2.103.123':445
'65.##2.62.84':445
'65.##2.62.201':445
'65.##2.97.52':445
'65.##2.217.10':445
'65.##2.204.138':445
'65.##2.120.203':139
'65.##2.178.49':139
'65.##2.1.209':139
'65.##2.37.204':139
'65.##2.209.37':139
'65.##2.5.126':445
'65.##2.52.228':445
'65.##2.111.201':445
'65.##2.47.10':445
'65.##2.137.120':445
'65.##2.54.81':445
'65.##2.97.18':445
'65.##2.30.150':445
'65.##2.35.219':445
'65.##2.171.112':445
'65.##2.72.147':445
'65.##2.115.99':445
'65.##2.243.33':445
'65.#62.1.91':445
'65.##2.208.140':445
'65.##2.78.175':445
'65.##2.245.146':445
'65.##2.56.244':445
'65.##2.98.209':445
'65.##2.59.45':445
'65.##2.132.95':445
'65.##2.76.191':445
'65.##2.102.115':445
'65.##2.143.241':445
'65.##2.150.224':445
'65.##2.191.161':139
'65.##2.183.164':139
'65.##2.65.107':139
'65.##2.115.84':139
'65.##2.49.179':139
'65.##2.16.73':445
'65.##2.216.15':445
'65.##2.251.241':445
'65.##2.164.207':445
'65.##2.241.241':445
'65.##2.184.173':445
'65.##2.55.227':445
'65.##2.109.242':445
'65.##2.226.250':445
'65.##2.151.67':445
'65.##2.23.182':445
'65.##2.11.243':445
'65.##2.90.229':445
'65.##2.41.38':445
'65.##2.242.150':445
'65.##2.84.170':445
'65.##2.53.185':445
'65.##2.124.230':445
'65.##2.31.67':445
'65.##2.48.182':445
'65.##2.9.201':445
'65.##2.100.23':445
'65.##2.91.79':445
'65.##2.194.165':445
'65.#62.89.5':445
'65.##2.32.183':445
'65.##2.53.109':445
'65.##2.171.160':445
'65.#62.27.1':445
'65.##2.76.191':139
'65.##2.59.45':139
'65.##2.143.241':139
'65.##2.98.209':139
'65.##2.102.115':139
'65.##2.132.95':139
'65.##2.31.67':139
'65.##2.48.182':139
'65.##2.9.201':139
'65.##2.100.23':139
'65.##2.91.79':139
'65.##2.208.140':139
'65.##2.16.73':139
'65.##2.184.173':139
'65.##2.241.241':139
'65.##2.164.207':139
'65.##2.216.15':139
'65.##2.251.241':139
'65.##2.78.175':139
'65.#62.1.91':139
'65.##2.56.244':139
'65.##2.150.224':139
'65.##2.245.146':139
'65.##2.242.150':139
'65.##2.90.229':139
'65.##2.53.185':139
'65.##2.11.243':139
'65.##2.84.170':139
'65.##2.41.38':139
'65.##2.132.92':139
'65.##2.20.16':139
'65.##2.217.122':139
'65.##2.168.97':139
'65.##2.156.46':139
'65.##2.109.242':139
'65.##2.53.109':139
'65.#62.89.5':139
'65.#62.27.1':139
'65.##2.194.165':139
'65.##2.171.160':139
'65.##2.32.183':139
'65.##2.226.250':139
'65.##2.55.227':139
'65.##2.23.182':139
'65.##2.124.230':139
'65.##2.151.67':139
'65.##2.168.97':445
'65.#62.1.6':139
'65.##2.221.1':139
'65.##2.6.173':139
'65.##2.156.145':139
'65.##2.172.156':139
'65.##2.14.218':139
'65.##2.91.81':139
'65.##2.165.91':139
'65.##2.35.73':139
'65.##2.143.119':139
'65.##2.210.248':139
'65.##2.146.53':139
'65.##2.45.219':139
'65.##2.191.98':139
'65.##2.163.194':139
'65.##2.85.13':139
'65.##2.214.243':139
'65.##2.233.196':139
'65.##2.74.13':139
'65.##2.155.99':139
'65.##2.49.11':139
'65.##2.159.36':139
'65.##2.1.222':139
'65.##2.179.7':445
'65.##2.110.124':445
'65.##2.44.18':445
'65.##2.227.72':445
'65.##2.178.216':445
'65.##2.44.131':445
'65.##2.111.107':445
'65.##2.11.233':445
'65.##2.207.236':445
'65.##2.70.89':445
'65.##2.237.44':445
'65.##2.72.152':445
'65.##2.1.137':139
'65.#62.7.97':139
'65.##2.186.168':139
'65.##2.61.165':139
'65.##2.90.191':139
'65.##2.52.183':445
'65.##2.22.245':445
'65.##2.25.13':445
'65.##2.79.148':445
'65.##2.248.251':445
'65.##2.237.86':445
'65.##2.48.182':9988
'65.##2.194.165':9988
'65.##2.31.67':9988
'65.##2.102.115':9988
'65.##2.143.241':9988
'65.##2.32.183':9988
'65.##2.226.250':9988
'65.##2.109.242':9988
'65.##2.23.182':9988
'65.##2.124.230':9988
'65.##2.151.67':9988
'65.##2.98.209':9988
'65.##2.20.16':445
'65.##2.115.84':445
'65.##2.132.92':445
'65.##2.156.46':445
'65.##2.217.122':445
'65.##2.49.179':445
'65.##2.56.244':9988
'65.##2.78.175':9988
'65.##2.183.164':445
'65.##2.65.107':445
'65.##2.191.161':445
'65.##2.207.236':139
'65.##2.243.33':139
'65.##2.237.44':139
'65.##2.70.89':139
'65.##2.44.131':139
'65.##2.100.40':139
'65.##2.87.245':139
'65.##2.20.134':139
'65.##2.29.170':139
'65.##2.111.107':139
'65.##2.11.233':139
'65.##2.110.124':139
'65.##2.79.148':139
'65.##2.22.245':139
'65.##2.237.86':139
'65.##2.52.183':139
'65.##2.248.251':139
'65.##2.25.13':139
'65.##2.44.18':139
'65.##2.179.7':139
'65.##2.178.216':139
'65.##2.72.152':139
'65.##2.227.72':139

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней