マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Packed.374

Added to the Dr.Web virus database: 2019-04-28

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
  • iptables -I INPUT -p tcp --dport 22 -j DROP
  • iptables -I INPUT -p tcp --dport 23 -j DROP
  • iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • iptables -I INPUT -p udp --dport 5353 -j ACCEPT
  • iptables -I OUTPUT -p udp --sport 5353 -j ACCEPT
  • iptables -I PREROUTING -t nat -p udp --dport 5353 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p udp --sport 5353 -j ACCEPT
Launches processes:
  • sh -c echo 3 > /proc/sys/vm/drop_caches
  • sh -c iptables -I INPUT -p tcp --dport 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 23 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • sh -c iptables -I INPUT -p udp --dport 5353 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --sport 5353 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p udp --dport 5353 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p udp --sport 5353 -j ACCEPT
Performs operations with the file system:
Creates or modifies files:
  • /tmp/xrun.pid
  • /proc/sys/vm/drop_caches
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:5353
Establishes connection:
  • [:##]:5353
  • 127.0.0.1:5353
  • 8.#.8.8:53
  • <LOCAL_DNS_SERVER>
DNS ASK:
  • dh#.###nsmissionbt.com
  • ro####.bittorrent.com
  • ro####.utorrent.com
  • bt#####er.debian.org
Sends data to the following servers:
  • 21#.##9.33.59:6881
  • 87.##.162.88:6881
  • 67.###.246.10:6881
  • 82.###.103.244:6881
  • 13#.##9.18.159:6881
  • 18#.##.195.181:28182
  • 5.###.183.129:51318
  • 65.##.18.166:60000
  • 69.##.131.98:52224
  • 5.###.183.129:51265
  • 1.##.#53.210:34652
  • 93.##.124.57:18420
  • 95.###.126.101:2304
  • 76.###.250.200:6883
  • 60.##.43.193:29939
  • 37.###.39.161:6881
  • 17#.###.202.22:51454
  • 14#.###.196.74:62347
  • 17#.##5.240.0:53507
  • 95.##.146.223:43611
  • 19#.##4.179.2:26722
  • 19#.###.172.169:33951
  • 37.###.109.188:35201
  • 81.###.229.235:13473
  • 17#.##6.10.190:8090
  • 21#.###.19.188:46769
  • 67.###.138.57:49620
  • 19#.###.181.225:46039
  • 19#.###.172.169:29137
  • 42.###.143.175:50321
  • 10#.###.25.168:58653
  • 54.##.65.79:51413
  • 37.###.181.159:61971
  • 17#.###.124.146:54733
  • 17#.##.120.197:6882
  • 77.###.126.218:24918
  • 10#.###.78.124:55875
  • 80.###.63.90:6881
  • 20#.###.154.237:7990
  • 10#.###.53.209:23059
  • 95.##.0.231:7656
  • 21#.###.79.238:51498
  • 13.##.164.66:8888
  • 88.###.214.207:54883
  • 11#.##.131.238:1367
  • 15#.###.229.38:65476
  • 21#.##6.79.205:7135
  • 91.###.112.6:38061
  • 37.##.44.12:1670
  • 17#.##9.7.114:46779
  • 92.###.96.232:22365
  • 92.##.190.133:10635
  • 92.###.37.178:44464
  • 79.###.163.48:57050
  • 10#.###.205.61:30887
  • 12#.#.248.130:40959
  • 10#.##.138.67:6881
  • 91.###.64.95:6881
  • 58.##.30.179:39905
  • 92.#.#36.11:50322
  • 89.###.112.74:27771
  • 10#.###.218.192:46693
  • 18#.##5.17.10:1024
  • 12#.##.37.75:60076
  • 78.###.27.200:17753
  • 81.##.156.99:6881
  • 5.##.#30.138:6881
  • 5.###.187.90:51426
  • 21#.###.79.238:33457
  • 24.###.147.235:45121
  • 95.###.204.115:51413
  • 90.##.14.149:27598
  • 19#.###.172.169:29742
  • 68.###.115.99:50321
  • 84.##.66.90:36376
  • 82.#.#7.242:45694
  • 45.##.45.76:50321
  • 20#.##1.249.5:24129
  • 21#.##7.57.5:30387
  • 18#.##.195.195:28181
  • 49.###.112.126:7518
  • 14.###.132.71:8184
  • 21#.###.19.188:47289
  • 80.#.#7.188:6881
  • 94.###.145.125:33467
  • 18#.#.12.212:6881
  • 24.###.255.170:6881
  • 19#.##.129.220:51413
  • 82.###.97.135:38477
  • 18#.##1.64.26:6881
  • 72.##.81.154:51413
  • 18#.##.34.24:57907
  • 21#.###.19.188:36808
  • 17#.###.196.235:51417
  • 5.###.75.48:6881
  • 42.###.207.221:50027
  • 83.###.64.12:51413
  • 19#.###.164.42:51413
  • 15#.##.254.26:61920
  • 10#.###.90.132:51413
  • 37.###.121.59:30805
  • 10#.###.180.104:27131
  • 10#.##1.56.52:9090
  • 37.###.5.27:49858
  • 62.###.101.227:6881
  • 21#.##1.29.4:34697
  • 17#.##2.205.4:6910
  • 62.###.109.182:49834
  • 24.##.177.220:50321
  • 17#.##2.202.22:6957
  • 73.##.122.39:8999
  • 17#.###.110.125:51413
  • 80.###.159.85:6881
  • 82.##.211.233:39568
  • 1.###.24.107:20265
  • 70.##.253.89:42959
  • 73.###.184.167:6881
  • 18#.##3.39.132:1477
  • 10#.###.197.177:11075
  • 91.##.24.109:6881
  • 82.##.143.44:6889
  • 31.###.178.8:6881
  • 66.###.106.60:6882
  • 79.###.62.49:62032
  • 11#.###.196.94:52573
  • 83.###.31.75:55380
  • 92.###.4.78:13235
  • 66.###.92.134:19789
  • 19#.##.1.10:42915
  • 17#.###.198.137:2579
  • 1.###.125.20:7294
  • 5.###.187.90:31371
  • 5.###.183.129:46942
  • 5.###.187.90:31364
  • 5.###.188.23:46954
  • 5.###.187.90:31335
  • 17#.##2.202.22:6911
  • 91.###.27.248:12559
  • 17#.##.68.8:54576
  • 87.###.145.229:51759
  • 19#.###.39.210:47019
  • 50.##.3.85:39044
  • 95.###.85.206:60855
  • 45.#.#48.94:39277
  • 90.###.70.62:3280
  • 10#.##.236.51:51413
  • 18#.###.233.58:51413
  • 82.##.93.173:16220
  • 46.###.125.55:5736
  • 21#.###.237.240:17709
  • 92.###.194.136:51410
  • 46.###.14.207:13558
  • 17#.##.130.151:9777
  • 81.###.252.205:9089
  • 86.###.77.14:54235
  • 81.###.89.173:48037
  • 17#.###.228.35:29426
  • 89.###.12.214:6881
  • 17#.###.149.145:13588
  • 47.###.106.224:47676
  • 11#.###.196.73:64857
  • 20#.###.233.35:34134
  • 82.#.#68.23:32976
  • 84.###.179.101:39748
  • 10#.###.66.255:51413
  • 18#.##.195.199:28099
  • 37.###.193.23:30601
  • 18#.##9.56.86:6889
  • 82.##.161.87:6882
  • 93.###.46.87:6881
  • 82.##.11.121:6882
  • 77.###.70.254:61593
  • 17#.##8.67.93:6881
  • 82.###.2.92:6881
  • 10#.##7.186.83:9089
  • 88.##.59.167:35753
  • 78.##.114.125:58730
  • 81.###.17.40:54719
  • 19#.###.172.169:30859
  • 75.###.177.172:51413
  • 61.##.231.178:48010
  • 5.###.183.129:57941
  • 10#.##.126.249:48326
  • 19#.###.164.58:61134
  • 19#.##.94.38:32642
  • 86.###.189.199:16075
  • 37.##.135.142:51009
  • 11#.##2.33.159:1151
  • 17#.###.178.182:39551
  • 96.##.189.180:35039
  • 83.###.221.88:22522
  • 78.##.145.216:6881
  • 62.###.148.114:55151
  • 37.###.37.215:46249
  • 21#.###.79.238:33421
  • 12#.###.218.222:55219
  • 17#.##.92.97:50321
  • 18#.##.195.168:28168
  • 81.###.31.216:64976
  • 81.###.22.142:61448
  • 21#.###.79.238:51424
  • 18#.###.189.143:8000
  • 62.###.201.124:6961
  • 91.###.27.241:6881
  • 91.###.60.187:9089
  • 17#.###.39.155:21363
  • 12#.##6.40.227:6881
  • 21#.##6.79.27:5976
  • 20#.###.192.205:20222
  • 14#.###.181.63:38630
  • 11#.##2.3.12:9737
  • 67.###.63.254:6882
  • 17#.##1.3.62:17349
  • 18#.##.195.177:28148
  • 17#.##.184.174:44822
  • 61.###.55.221:6881
  • 17#.##.26.64:5747
  • 21#.##6.79.7:6886
  • 21#.##6.79.27:5962
  • 17#.##8.14.89:12766
  • 12#.###.140.233:16740
  • 37.###.9.216:63075
  • 14#.##.243.168:26151
  • 12#.###.178.125:51413
  • 62.##.252.187:27850
  • 77.##.41.2:43123
  • 18#.##.16.120:30996
  • 99.##.169.199:50598
  • 37.##.18.48:61137
  • 89.###.87.31:44901
  • 68.###.68.213:50321
  • 46.#.#6.33:64869
  • 90.###.26.47:59650
  • 77.###.106.86:58303
  • 10#.###.171.236:59740
  • 10#.##3.48.18:59696
  • 96.##.172.102:64987
  • 86.##.145.160:51413
  • 18#.##6.142.80:8498
  • 73.###.19.195:51782
  • 73.##.192.58:6882
  • 11#.##.140.22:33848
  • 17#.###.109.153:51100
  • 93.###.150.87:19660
  • 37.##.26.203:61404
  • 20#.##.96.56:60785
  • 73.#.#11.140:18624
  • 17#.##.88.26:1047
  • 93.##.196.122:6881
  • 36.###.162.87:9224
  • 73.###.34.30:50321
  • 17#.##.96.232:38104
  • 73.#.#19.193:6881
  • 19#.##.167.55:24480
  • 94.###.133.164:6889
  • 18#.##.142.114:16888
  • 46.##.15.152:18124
  • 15#.###.90.107:26663
  • 21#.##.52.219:51413
  • 80.###.97.133:6881
  • 62.###.107.127:55051
  • 11#.##.113.39:24437
  • 16#.###.85.102:51413
  • 21#.##6.79.205:6910
  • 21#.##6.79.205:7151
  • 21#.##6.79.27:12286
  • 20#.#.50.224:59892
  • 93.###.66.140:26110
  • 5.###.183.129:57958
  • 51.##.135.104:53878
  • 11#.##.212.230:8000
  • 19#.###.233.162:61516
  • 85.###.203.224:7881
  • 46.###.176.42:18161
  • 20#.###.127.61:30619
  • 75.###.2.193:41232
  • 82.##.131.158:18081
  • 86.###.24.84:50007
  • 68.###.14.206:43718
  • 17#.##4.60.4:51413
  • 65.###.168.39:50321
  • 18#.###.28.211:31965
  • 17#.##1.19.29:6881
  • 86.##.14.219:19944
  • 92.###.132.84:34395
  • 37.##.250.96:59431
  • 5.###.162.62:51413
  • 21#.###.79.205:49858
  • 17#.##2.202.22:6913
  • 91.###.221.187:51413
  • 21#.##.6.33:51413
  • 5.###.183.129:46946
  • 37.###.118.187:64807
  • 24.###.104.216:6883
  • 47.#.#8.188:65259
  • 59.#.27.4:6881
  • 24.###.58.127:6881
  • 82.##.138.73:61927
  • 10#.##.30.45:12842
  • 92.##.163.228:6881
  • 61.###.104.249:6881
  • 10#.##5.82.71:30193
  • 22#.###.231.183:6881
  • 11#.##.162.120:7741
  • 1.###.89.108:7966
  • 12#.##6.32.6:18889
  • 81.###.57.144:6882
  • 21#.##6.79.238:6962
  • 46.###.184.37:62147
  • 84.##.179.149:6881
  • 11#.###.235.24:24158
  • 90.###.93.113:6881
  • 46.###.25.120:51413
  • 92.###.188.228:34922
  • 85.##.187.196:1080
  • 77.##.140.115:41014
  • 18#.##6.34.54:43147
  • 68.##.90.122:5771
  • 5.###.185.57:3963
  • 19#.###.100.188:7881
  • 19#.###.51.103:51413
  • 81.#.#10.160:48847
  • 81.###.151.71:11632
  • 86.##.216.247:6889
  • 95.##.68.190:48319
  • 46.###.41.81:51413
  • 2.###.194.66:35778
  • 80.##.135.18:36434
  • 90.###.81.94:6881
  • 15#.###.172.250:26085
  • 58.###.96.152:40550
  • 11#.###.15.115:51413
  • 37.###.100.42:31915
  • 21#.##0.196.40:6881
  • 21#.##6.79.7:51425
  • 93.#.#52.175:36057
  • 18#.##0.30.177:6889
  • 92.###.30.196:17346
  • 99.###.250.110:1024
  • 76.###.22.97:6882
  • 37.##.199.136:10031

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number