Win32.Xpaj.1

Technical Information

To ensure autorun and distribution

Infects the following executable files

%TEMP%\1087.tmp
%TEMP%\dcf9.tmp
%TEMP%\e6ed.tmp
%TEMP%\edb6.tmp
%TEMP%\f1de.tmp
%TEMP%\f4ce.tmp
%TEMP%\fbf4.tmp
%TEMP%\2364.tmp
%TEMP%\2961.tmp
%TEMP%\cdc2.tmp
%TEMP%\d5d2.tmp
%TEMP%\31ef.tmp
%TEMP%\4176.tmp
%TEMP%\48ab.tmp
%TEMP%\6751.tmp
%TEMP%\704c.tmp
%TEMP%\7fbf.tmp
%TEMP%\8520.tmp
%TEMP%\a397.tmp
%TEMP%\aa31.tmp
%TEMP%\3898.tmp
%TEMP%\3b98.tmp
%TEMP%\bd45.tmp
%TEMP%\b16c.tmp
%TEMP%\a842.tmp
%TEMP%\18f8.tmp
%TEMP%\1e2a.tmp
%TEMP%\2540.tmp
%TEMP%\335c.tmp
%TEMP%\3b1e.tmp
%TEMP%\4284.tmp
%TEMP%\469c.tmp
%TEMP%\5014.tmp
%TEMP%\540e.tmp
%TEMP%\13f4.tmp
%TEMP%\5af6.tmp
%TEMP%\6598.tmp
%TEMP%\6c41.tmp
%TEMP%\7319.tmp
%TEMP%\7a5f.tmp
%TEMP%\82ae.tmp
%TEMP%\8dec.tmp
%TEMP%\9a32.tmp
%TEMP%\9f65.tmp
%TEMP%\a3bc.tmp
%TEMP%\5f5d.tmp
%TEMP%\bd7c.tmp
%TEMP%\c425.tmp

Modifies file system

Creates the following files

%TEMP%\1087.tmp
%TEMP%\cdc2.tmp
%TEMP%\d5d2.tmp
%TEMP%\dcf9.tmp
%TEMP%\e6ed.tmp
%TEMP%\edb6.tmp
%TEMP%\f1de.tmp
%TEMP%\f4ce.tmp
%TEMP%\fbf4.tmp
%TEMP%\2364.tmp
%TEMP%\2961.tmp
%TEMP%\3898.tmp
%TEMP%\c425.tmp
%TEMP%\3b98.tmp
%TEMP%\4176.tmp
%TEMP%\48ab.tmp
%TEMP%\6751.tmp
%TEMP%\704c.tmp
%TEMP%\7fbf.tmp
%TEMP%\8520.tmp
%TEMP%\a397.tmp
%TEMP%\aa31.tmp
%TEMP%\bd7c.tmp
%TEMP%\bd45.tmp
%TEMP%\31ef.tmp
%TEMP%\b16c.tmp
%TEMP%\540e.tmp
%TEMP%\13f4.tmp
%TEMP%\18f8.tmp
%TEMP%\1e2a.tmp
%TEMP%\2540.tmp
%TEMP%\335c.tmp
%TEMP%\3b1e.tmp
%TEMP%\40fc.tmp
%TEMP%\4284.tmp
%TEMP%\469c.tmp
%TEMP%\5014.tmp
%TEMP%\5af6.tmp
%TEMP%\a3bc.tmp
%TEMP%\5f5d.tmp
%TEMP%\6598.tmp
%TEMP%\6c41.tmp
%TEMP%\7319.tmp
%TEMP%\7a5f.tmp
%TEMP%\82ae.tmp
%TEMP%\8a41.tmp
%TEMP%\8dec.tmp
%TEMP%\9a32.tmp
%TEMP%\9f65.tmp
%TEMP%\a842.tmp
%TEMP%\ca51.tmp

Deletes the following files

%TEMP%\40fc.tmp
%TEMP%\8a41.tmp

Moves the following files

from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\bin\mscordmp.exe to %TEMP%\12f9.tmp
from %ProgramFiles(x86)%\winamp\plugins\in_vorbis.dll to %TEMP%\e585.tmp
from %CommonProgramFiles(x86)%\microsoft shared\help\vsbrowse.dll to %TEMP%\ed76.tmp
from %ProgramFiles(x86)%\steam\sdl2.dll to %TEMP%\f19f.tmp
from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\swscale-ics-3.dll to %TEMP%\f402.tmp
from %ProgramFiles(x86)%\k-lite codec pack\tools\setacl_x86.exe to %TEMP%\f82b.tmp
from %CommonProgramFiles(x86)%\microsoft shared\help\msenv.dll to %TEMP%\2305.tmp
from %CommonProgramFiles(x86)%\microsoft shared\msdn\docutil.dll to %TEMP%\27ca.tmp
from %ProgramFiles(x86)%\steam\libavcodec-56.dll to %TEMP%\3181.tmp
from %ProgramFiles(x86)%\winamp\nsutil.dll to %TEMP%\d5a3.tmp
from %ProgramFiles(x86)%\winamp\plugins\gen_jumpex.dll to %TEMP%\dcb9.tmp
from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\mp4.dll to %TEMP%\3878.tmp
from %ProgramFiles(x86)%\pidgin\sasl2\saslcrammd5.dll to %TEMP%\453f.tmp
from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\gdsmux.exe to %TEMP%\500f.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ccme_ecc.dll to %TEMP%\6df9.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ccme_asym.dll to %TEMP%\785c.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ccme_ecdrbg.dll to %TEMP%\84c1.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ccme_base.dll to %TEMP%\8b7a.tmp
from %ProgramFiles(x86)%\steam\amf\mcl-windesktop32.dll to %TEMP%\a945.tmp
from %ProgramFiles(x86)%\steam\amf\amf-core-windesktop32.dll to %TEMP%\b08b.tmp
from %ProgramFiles(x86)%\winamp\plugins\enc_flac.dll to %TEMP%\3b39.tmp
from %ProgramFiles(x86)%\winamp\elevatorps.dll to %TEMP%\40f8.tmp
from %ProgramFiles(x86)%\microsoft visual studio .net 2003\vc7\bin\c1.dll to %TEMP%\c804.tmp
from %ProgramFiles(x86)%\pidgin\softokn3.dll to %TEMP%\b804.tmp
from %ProgramFiles(x86)%\winamp\plugins\ml_local.dll to %TEMP%\af58.tmp
from %ProgramFiles(x86)%\winamp\plugins\out_ds.dll to %TEMP%\1e09.tmp
from %ProgramFiles(x86)%\k-lite codec pack\filters\haali\mkx.dll to %TEMP%\2474.tmp
from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avcodec-ics-56.dll to %TEMP%\31e4.tmp
from %ProgramFiles(x86)%\k-lite codec pack\filters\ffdshow\ff_unrar.dll to %TEMP%\3939.tmp
from %CommonProgramFiles(x86)%\microsoft shared\help\atl71.dll to %TEMP%\408e.tmp
from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\bin\fuslogvw.exe to %TEMP%\45ff.tmp
from %ProgramFiles(x86)%\winamp\plugins\in_mp4.dll to %TEMP%\4c79.tmp
from %ProgramFiles(x86)%\microsoft.net\sdk\v1.1\bin\cordbg.exe to %TEMP%\5267.tmp
from %CommonProgramFiles(x86)%\microsoft shared\office10\usp10.dll to %TEMP%\5ad5.tmp
from %ProgramFiles(x86)%\pidgin\ssl3.dll to %TEMP%\180c.tmp
from %ProgramFiles(x86)%\winamp\plugins\vis_nsfs.dll to %TEMP%\5f0d.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\cryptocme.dll to %TEMP%\6a7b.tmp
from %ProgramFiles(x86)%\adobe\acrobat reader dc\reader\ccme_base_non_fips.dll to %TEMP%\72ca.tmp
from %ProgramFiles(x86)%\k-lite codec pack\icaros\32-bit\avformat-ics-56.dll to %TEMP%\7906.tmp
from %ProgramFiles(x86)%\winamp\plugins\in_wm.dll to %TEMP%\81f1.tmp
from %ProgramFiles(x86)%\pidgin\libplc4.dll to %TEMP%\8927.tmp
from %ProgramFiles(x86)%\steam\bin\openvr_api.dll to %TEMP%\958e.tmp
from %ProgramFiles(x86)%\winamp\plugins\gen_tray.dll to %TEMP%\9e1b.tmp
from %ProgramFiles(x86)%\winamp\plugins\in_mod.dll to %TEMP%\a34e.tmp
from %ProgramFiles(x86)%\winamp\plugins\ml_wire.dll to %TEMP%\a812.tmp
from %ProgramFiles(x86)%\steam\libswscale-3.dll to %TEMP%\6401.tmp
from %ProgramFiles(x86)%\steam\icuuc.dll to %TEMP%\c398.tmp
from %ProgramFiles(x86)%\steam\amf\amf-component-vc-windesktop32.dll to %TEMP%\c995.tmp

Substitutes the following executable files

%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Bin\mscordmp.exe
%ProgramFiles(x86)%\Winamp\Plugins\in_vorbis.dll
%CommonProgramFiles(x86)%\microsoft shared\Help\vsbrowse.dll
%ProgramFiles(x86)%\Steam\SDL2.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\32-bit\swscale-ics-3.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Tools\SetACL_x86.exe
%CommonProgramFiles(x86)%\microsoft shared\Help\msenv.dll
%CommonProgramFiles(x86)%\microsoft shared\MSDN\DocUtil.dll
%ProgramFiles(x86)%\Steam\libavcodec-56.dll
%ProgramFiles(x86)%\Winamp\nsutil.dll
%ProgramFiles(x86)%\Winamp\Plugins\gen_jumpex.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Filters\Haali\mp4.dll
%ProgramFiles(x86)%\Pidgin\sasl2\saslCRAMMD5.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\ccme_ecdrbg.dll
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\ccme_base.dll
%ProgramFiles(x86)%\Steam\amf\mcl-windesktop32.dll
%ProgramFiles(x86)%\Steam\amf\amf-core-windesktop32.dll
%ProgramFiles(x86)%\Winamp\Plugins\enc_flac.dll
%ProgramFiles(x86)%\Winamp\elevatorps.dll
%ProgramFiles(x86)%\Microsoft Visual Studio .NET 2003\Vc7\bin\c1.dll
%ProgramFiles(x86)%\Pidgin\softokn3.dll
%ProgramFiles(x86)%\Winamp\Plugins\ml_local.dll
%ProgramFiles(x86)%\Winamp\Plugins\out_ds.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Filters\Haali\mkx.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\32-bit\avcodec-ics-56.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Filters\ffdshow\ff_unrar.dll
%CommonProgramFiles(x86)%\microsoft shared\Help\atl71.dll
%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Bin\FUSLOGVW.exe
%ProgramFiles(x86)%\Winamp\Plugins\in_mp4.dll
%ProgramFiles(x86)%\Microsoft.NET\SDK\v1.1\Bin\cordbg.exe
%CommonProgramFiles(x86)%\microsoft shared\Office10\USP10.DLL
%ProgramFiles(x86)%\Pidgin\ssl3.dll
%ProgramFiles(x86)%\Winamp\Plugins\vis_nsfs.dll
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\cryptocme.dll
%ProgramFiles(x86)%\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll
%ProgramFiles(x86)%\K-Lite Codec Pack\Icaros\32-bit\avformat-ics-56.dll
%ProgramFiles(x86)%\Winamp\Plugins\in_wm.dll
%ProgramFiles(x86)%\Pidgin\libplc4.dll
%ProgramFiles(x86)%\Steam\bin\openvr_api.dll
%ProgramFiles(x86)%\Winamp\Plugins\gen_tray.dll
%ProgramFiles(x86)%\Winamp\Plugins\in_mod.dll
%ProgramFiles(x86)%\Winamp\Plugins\ml_wire.dll
%ProgramFiles(x86)%\Steam\libswscale-3.dll
%ProgramFiles(x86)%\Steam\icuuc.dll
%ProgramFiles(x86)%\Steam\amf\amf-component-vc-windesktop32.dll

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information