
Linux.Siggen.2236

Added to the Dr.Web virus database: 2019-10-15

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Launches processes:
  • sh
  • mkdir -p /etc/config/runone
  • cp -a /etc/config/runone/.S99utelnetd.sh.bak /etc/config/runone/.S99utelnetd.sh
  • cp /etc/config/runone/.S99utelnetd.sh.bak /etc/config/runone/.S99utelnetd.sh
  • chmod 755 /etc/config/runone/.S99utelnetd.sh
  • busybox --list
  • dirname /
  • grep -F ab*c
  • date +%s
  • whoami
  • uname -m
  • readlink /share/homes
  • readlink /share/Public
  • readlink /share/Download
  • readlink /share/Multimedia
  • readlink /share/Web
  • readlink /share/Recordings
  • tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
  • sed -n :s;/^[ ]*\[share_def][ ]*$/{:x;n;/^[ ]*\[.*][ ]*$/bs;s/[ ]*defvolmp[ ]*=[ ]*\(.*\)/\1/p;tq;bx;:q;q}
  • sed h;s/[^=]*\(=\{
  • mount
  • sed -n s/.*\(\/share\/[^ /]\+\) .*/\1/gp
  • head -n 1
  • nslookup qnap.com
  • mkdir /var/lock/.qpkgd.lck
  • mkdir -p /mnt/HDA_ROOT/.system/.qpkg
  • cat
  • chmod 755 /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • dd if=/dev/urandom bs=1 count=1
  • date -d @1557611231 +%m%d%H%M%Y.%S
  • mkdir /var/lock/.ctime.lck
  • date -d @1571140104 +%m%d%H%M%Y.%S
  • date 051200472019.11
  • touch /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • stat -c %#03a /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • stat -c %a /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • chmod 0755 /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • chattr +ai /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • date 101514482019.24
  • date +%Y
  • rm -rf /var/lock/.ctime.lck
  • stat -c %Y /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • rm -rf /var/lock/.qpkgd.lck
  • pidof -s crond
  • pidof crond
  • ps
  • sed -n s/^[ ]*\([0-9]\{
  • /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • grep -F
  • rm -f .tmp.*
  • mktemp ./.tmp.XXXXXX
  • sed y/ABCDEFGHIJKLMNOPQRSTUVWXYZ-+\//abcdefghijklmnopqrstuvwxyzabc/;s/=//g
  • openssl dgst -sha1 -binary
  • openssl base64
  • rm -f ./.tmp.1Ihs4x
Performs operations with the file system:
Modifies file access rights:
  • /mnt/HDA_ROOT/.system/.qpkg/qpkgd
Creates folders:
  • /etc/config
  • /etc/config/runone
  • /.qpkgd.lck
  • /mnt/HDA_ROOT
  • /mnt/HDA_ROOT/.system
  • /mnt/HDA_ROOT/.system/.qpkg
  • /.ctime.lck
Creates or modifies files:
  • /var/lock/.qpkgd.lck/.pid
  • /run/lock/.qpkgd.lck/.pid
  • /mnt/HDA_ROOT/.system/.qpkg/qpkgd
  • /var/lock/.ctime.lck/.pid
  • /run/lock/.ctime.lck/.pid
  • /mnt/HDA_ROOT/.system/.qpkg/.rsakey
  • /mnt/HDA_ROOT/.system/.qpkg/.tmp.1Ihs4x
Deletes files:
  • /mnt/HDA_ROOT/.system/.pid
  • /mnt/HDA_ROOT/.system/.qpkg/.tmp.*
  • /mnt/HDA_ROOT/.system/.qpkg/.tmp.1Ihs4x
Network activity:
DNS ASK:
  • qn##.com
Other:
Collects CPU information
Collects RAM information

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
