Trojan.DownLoader23.33202

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Machine DLL Bluetooth Studio AutoConfig' = '<SYSTEM32>\vcncgtl.exe'

Creates the following services:

[<HKLM>\SYSTEM\ControlSet001\Services\Defender Launcher Experience] 'ImagePath' = '<SYSTEM32>\vcncgtl.exe'
[<HKLM>\SYSTEM\ControlSet001\Services\Defender Launcher Experience] 'Start' = '00000002'

Malicious functions:

To complicate detection of its presence in the operating system,

blocks the following features:

Windows Security Center

Executes the following:

'<SYSTEM32>\uhkqipjxj.exe' "<SYSTEM32>\vcncgtl.exe"
'%WINDIR%\Temp\jleujhosrbtb9nkw3m5.exe' -r 31347 tcp
'%TEMP%\jleujhost9hogqkw3m5uibvmr.exe'
'<SYSTEM32>\vcncgtl.exe'

Modifies file system:

Creates the following files:

<SYSTEM32>\rfhfzzqrdgf\run
<SYSTEM32>\rfhfzzqrdgf\rng
%WINDIR%\Temp\jleujhosrbtb9nkw3m5.exe
<SYSTEM32>\rfhfzzqrdgf\cfg
%TEMP%\jleujhost9hogqkw3m5uibvmr.exe
<SYSTEM32>\rfhfzzqrdgf\tst
<SYSTEM32>\uhkqipjxj.exe
<SYSTEM32>\vcncgtl.exe

Sets the 'hidden' attribute to the following files:

<SYSTEM32>\uhkqipjxj.exe
<SYSTEM32>\vcncgtl.exe

Deletes the following files:

%WINDIR%\Temp\jleujhosrbtb9nkw3m5.exe
%TEMP%\jleujhost9hogqkw3m5uibvmr.exe

Network activity:

Connects to:

'ri###nstorm.net':80
'lo####thepings.ru':80
'18#.#17.73.77':80
'18#.#06.120.168':80

TCP:

HTTP GET requests:

http://ri###nstorm.net/index.php
http://lo####thepings.ru/index.php
http://18#.#17.73.77/index.php
http://18#.#06.120.168/index.php

UDP:

DNS ASK fa####turday.net
DNS ASK vi###tree.net
DNS ASK wa####aturday.net
DNS ASK wa####housand.net
DNS ASK wa###loud.net
DNS ASK wa###loud.ru
DNS ASK fa####ousand.net
DNS ASK vi###tree.ru
DNS ASK sp####housand.net
DNS ASK sp####housand.ru
DNS ASK vi####aturday.net
DNS ASK vi####housand.net
DNS ASK sp###tree.net
DNS ASK vi###loud.net
DNS ASK sp###loud.net
DNS ASK dr###tree.ru
DNS ASK dr####housand.net
DNS ASK th###oud.net
DNS ASK dr###tree.net
DNS ASK so###stock.net
DNS ASK ar###stock.net
DNS ASK th###ree.net
DNS ASK dr###loud.net
DNS ASK fa###ree.net
DNS ASK wa###tree.net
DNS ASK fa###oud.net
DNS ASK dr####aturday.net
DNS ASK th####ousand.net
DNS ASK th####turday.net
DNS ASK th###aturday.ru
DNS ASK gl####turday.net
DNS ASK sa###ree.net
DNS ASK sp###ree.net
DNS ASK ta####aturday.net
DNS ASK ta####housand.net
DNS ASK ta####housand.ru
DNS ASK gl####ousand.net
DNS ASK sp##tree.ru
DNS ASK sa####turday.net
DNS ASK sa###aturday.ru
DNS ASK wa###reply.net
DNS ASK sp####ousand.net
DNS ASK sa###oud.net
DNS ASK sp###oud.net
DNS ASK sa####ousand.net
DNS ASK gr###loud.ru
DNS ASK eq###loud.net
DNS ASK gr####housand.net
DNS ASK gr###loud.net
DNS ASK sp####aturday.net
DNS ASK gr###tree.net
DNS ASK eq###tree.net
DNS ASK eq####housand.net
DNS ASK gl###ree.net
DNS ASK ta###loud.net
DNS ASK gl###oud.net
DNS ASK ta###tree.net
DNS ASK gr####aturday.net
DNS ASK eq####aturday.net
DNS ASK eq####aturday.ru
DNS ASK gr###throw.net
DNS ASK eq###throw.net
DNS ASK gr###stock.net
DNS ASK gr###reply.net
DNS ASK eq###whole.ru
DNS ASK eq###whole.net
DNS ASK eq###reply.net
DNS ASK gr###stock.ru
DNS ASK gl###eply.net
DNS ASK gl###eply.ru
DNS ASK ta###throw.net
DNS ASK ta###reply.net
DNS ASK eq###stock.net
DNS ASK ta###whole.net
DNS ASK gl###hole.net
DNS ASK wa###stock.ru
DNS ASK vi###whole.net
DNS ASK sp###whole.net
DNS ASK wa###stock.net
DNS ASK fa###hrow.net
DNS ASK wa###throw.net
DNS ASK fa###tock.net
DNS ASK vi###reply.net
DNS ASK vi###stock.net
DNS ASK sp###stock.net
DNS ASK gr###whole.net
DNS ASK sp###throw.net
DNS ASK sp###reply.net
DNS ASK vi###throw.net
DNS ASK vi###throw.ru
DNS ASK up###hrow.net
DNS ASK wh###stock.net
DNS ASK up###tock.net
DNS ASK wh###throw.net
DNS ASK wh###reply.net
DNS ASK wh###reply.ru
DNS ASK up###eply.net
DNS ASK up###tock.ru
DNS ASK so###throw.net
DNS ASK so###throw.ru
DNS ASK ar###throw.net
DNS ASK ar###reply.net
DNS ASK so###whole.net
DNS ASK ar###whole.net
DNS ASK so###reply.net
DNS ASK sa###hole.ru
DNS ASK sp###hole.net
DNS ASK sa###eply.net
DNS ASK sa###hole.net
DNS ASK gl###hrow.net
DNS ASK ta###stock.net
DNS ASK gl###tock.net
DNS ASK sp###eply.net
DNS ASK sp###tock.net
DNS ASK wh###whole.net
DNS ASK up###hole.net
DNS ASK sa###tock.net
DNS ASK sa###hrow.net
DNS ASK sp###hrow.net
DNS ASK sp###hrow.ru
DNS ASK dr###mark.ru
DNS ASK so###mile.net
DNS ASK wh###read.ru
DNS ASK up###han.net
DNS ASK sp###han.net
DNS ASK sp##than.ru
DNS ASK th###roke.net
DNS ASK wh###read.net
DNS ASK up###ing.net
DNS ASK th###tate.net
DNS ASK up###ile.net
DNS ASK up###ead.net
DNS ASK wh###than.net
DNS ASK ar###king.net
DNS ASK dr###broke.net
DNS ASK ta###than.net
DNS ASK gl##read.ru
DNS ASK gl###han.net
DNS ASK gl###ead.net
DNS ASK ta###mile.net
DNS ASK gl###ile.net
DNS ASK ta###read.net
DNS ASK sa###ing.net
DNS ASK sa###ead.net
DNS ASK sp###ead.net
DNS ASK sa###han.net
DNS ASK sp###ile.net
DNS ASK sp###ing.net
DNS ASK sa###ile.net
DNS ASK sa##mile.ru
DNS ASK wa###broke.ru
DNS ASK wa###broke.net
DNS ASK fa###roke.net
DNS ASK fa##news.ru
DNS ASK dr###mark.net
DNS ASK ar###king.ru
DNS ASK wa###state.net
DNS ASK wa###mark.net
DNS ASK lo####thepings.ru
DNS ASK ri###nstorm.net
DNS ASK sp####turday.net
DNS ASK fa###tate.net
DNS ASK fa###ark.net
DNS ASK wa###news.net
DNS ASK fa###ews.net
DNS ASK so###king.net
DNS ASK vi###news.net
DNS ASK dr###state.net
DNS ASK so###than.net
DNS ASK sp###news.net
DNS ASK wh###king.net
DNS ASK so###read.net
DNS ASK wh###mile.net
DNS ASK so###than.ru
DNS ASK th###ark.net
DNS ASK ar###than.net
DNS ASK th###ews.net
DNS ASK ar###mile.net
DNS ASK ar###read.net
DNS ASK dr###news.net
DNS ASK th###ing.net
DNS ASK dr###king.net
DNS ASK th###ile.net
DNS ASK ar####aturday.net
DNS ASK ar####housand.net
DNS ASK so####aturday.net
DNS ASK ar####housand.ru
DNS ASK th##mile.ru
DNS ASK dr###than.net
DNS ASK dr###than.ru
DNS ASK fa###ing.net
DNS ASK dr###read.net
DNS ASK dr###mile.net
DNS ASK th###han.net
DNS ASK th###ead.net
DNS ASK up##loud.ru
DNS ASK wh####housand.net
DNS ASK up####ousand.net
DNS ASK up###oud.net
DNS ASK wh###tree.net
DNS ASK up###ree.net
DNS ASK wh###loud.net
DNS ASK wh####aturday.net
DNS ASK so###loud.net
DNS ASK ar###loud.net
DNS ASK so####housand.net
DNS ASK ar###tree.net
DNS ASK up####turday.net
DNS ASK so###tree.net
DNS ASK so###tree.ru
DNS ASK eq###king.net
DNS ASK gr###mile.net
DNS ASK eq###mile.net
DNS ASK gr###king.net
DNS ASK vi###than.net
DNS ASK vi###than.ru
DNS ASK sp###than.net
DNS ASK eq###mile.ru
DNS ASK eq###than.net
DNS ASK ta###king.ru
DNS ASK gl###ing.net
DNS ASK ta###king.net
DNS ASK gr###read.net
DNS ASK eq###read.net
DNS ASK gr###than.net
DNS ASK fa##read.ru
DNS ASK wa###read.net
DNS ASK fa###han.net
DNS ASK fa###ead.net
DNS ASK wa###king.net
DNS ASK fa###ile.net
DNS ASK wa###mile.net
DNS ASK wa###than.net
DNS ASK sp###mile.net
DNS ASK sp###read.net
DNS ASK vi###read.net
DNS ASK vi###mile.net
DNS ASK vi###king.net
DNS ASK sp###king.net
DNS ASK sp###king.ru
'23#.#55.255.250':1900

Your browser is obsolete!

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial

他のDr.Webリソース

Your browser is obsolete!

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Trojan.DownLoader23.33202

Technical Information

Curing recommendations

Free trial

SNSでのDr.Web

他のDr.Webリソース