Trojan.MulDrop28.36478

Technical Information

To ensure autorun and distribution

Sets the following service settings

[HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'Start' = '00000002'
[HKLM\System\CurrentControlSet\Services\EASL AVI Tool Box 11.2.46] 'ImagePath' = '%ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe'

Creates the following services

'EASL AVI Tool Box 11.2.46' %ALLUSERSPROFILE%\EASL AVI Tool Box 11.2.46\EASL AVI Tool Box 11.2.46.exe

Modifies file system

Creates the following files

%TEMP%\is-jnrnf.tmp\<File name>.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-k8ebt.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-v859l.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-ivk8r.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-o8vdn.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-efjji.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-c9e3p.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-lf87f.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-9s7ef.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-fv1u2.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-f8na3.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-9arbn.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-hvoin.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-5j7k5.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-udiht.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-0b2pt.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-gcviu.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-67h87.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-soboi.tmp
%LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe
%LOCALAPPDATA%\avitoolbox 4.20\is-djpb1.tmp
%LOCALAPPDATA%\avitoolbox 4.20\unins000.dat
%LOCALAPPDATA%\avitoolbox 4.20\is-n0me9.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-9277i.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-jvcn9.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-rbpef.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-39re5.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-ij6to.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-tl15j.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-snk2n.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-ka8rv.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-c290a.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-r4hq7.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-ruiel.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-cps90.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-6s4vg.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-0j912.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-bq7fj.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-tjsqf.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-7rd4c.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-p4it4.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-7fpo3.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-7hni3.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5puuu.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-irh1o.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-nc4f5.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5k62g.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-cgsl7.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-coglf.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-g2i3j.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-05gnj.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bqlfk.tmp
%LOCALAPPDATA%\avitoolbox 4.20\is-7m9m9.tmp
%TEMP%\is-ca362.tmp\_isetup\_iscrypt.dll
%TEMP%\is-ca362.tmp\_isetup\_shfoldr.dll
%TEMP%\is-ca362.tmp\_isetup\_setup64.tmp
%TEMP%\is-ca362.tmp\_isetup\_regdll.tmp
%LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-1m2dn.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-vlr5h.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-32vq0.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-2fuqa.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-jq4eq.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-ojpuq.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-1e0os.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-bn8n4.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-i7661.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-h5rif.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-nb567.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-a0iq6.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-vcadj.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-1qe4i.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-h0tme.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-kafkl.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-bjabh.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-hdhec.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-sef1p.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-qdnnh.tmp
%LOCALAPPDATA%\avitoolbox 4.20\language\is-2774h.tmp
%ALLUSERSPROFILE%\easl avi tool box 11.2.46\easl avi tool box 11.2.46.exe

Deletes the following files

%LOCALAPPDATA%\avitoolbox 4.20\verify.dll

Moves the following files

from %LOCALAPPDATA%\avitoolbox 4.20\is-7m9m9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\unins000.exe
from %LOCALAPPDATA%\avitoolbox 4.20\is-ivk8r.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-51.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-o8vdn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\encodesettings.ini
from %LOCALAPPDATA%\avitoolbox 4.20\is-efjji.tmp to %LOCALAPPDATA%\avitoolbox 4.20\intelhw.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-c9e3p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\nvencoderkernel.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-lf87f.tmp to %LOCALAPPDATA%\avitoolbox 4.20\cudaencoderkernel.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-k8ebt.tmp to %LOCALAPPDATA%\avitoolbox 4.20\recwin7.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-fv1u2.tmp to %LOCALAPPDATA%\avitoolbox 4.20\capture.wav
from %LOCALAPPDATA%\avitoolbox 4.20\is-f8na3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avutil-52.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-9arbn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avformat.ini
from %LOCALAPPDATA%\avitoolbox 4.20\is-hvoin.tmp to %LOCALAPPDATA%\avitoolbox 4.20\postproc-52.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-5j7k5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avdevice-55.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-udiht.tmp to %LOCALAPPDATA%\avitoolbox 4.20\audioresample.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-0b2pt.tmp to %LOCALAPPDATA%\avitoolbox 4.20\bitmap2avi.dll.intermediate.manifest
from %LOCALAPPDATA%\avitoolbox 4.20\is-67h87.tmp to %LOCALAPPDATA%\avitoolbox 4.20\camcapture.dll
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-nb567.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_russian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\is-9s7ef.tmp to %LOCALAPPDATA%\avitoolbox 4.20\screenhook.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-rbpef.tmp to %LOCALAPPDATA%\avitoolbox 4.20\istask.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-39re5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\apngdecoder.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-ij6to.tmp to %LOCALAPPDATA%\avitoolbox 4.20\servicectrl.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-snk2n.tmp to %LOCALAPPDATA%\avitoolbox 4.20\installhelp.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-soboi.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve64.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-ka8rv.tmp to %LOCALAPPDATA%\avitoolbox 4.20\ve32.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-gcviu.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadvc2.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-v859l.tmp to %LOCALAPPDATA%\avitoolbox 4.20\pthreadgc2.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-ruiel.tmp to %LOCALAPPDATA%\avitoolbox 4.20\xvidcore.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-cps90.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.ini
from %LOCALAPPDATA%\avitoolbox 4.20\is-6s4vg.tmp to %LOCALAPPDATA%\avitoolbox 4.20\waverec.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-0j912.tmp to %LOCALAPPDATA%\avitoolbox 4.20\utlis.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-djpb1.tmp to %LOCALAPPDATA%\avitoolbox 4.20\textdlg.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-tjsqf.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swscale-2.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-r4hq7.tmp to %LOCALAPPDATA%\avitoolbox 4.20\magicskin.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-bq7fj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\swresample-0.dll
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-tl15j.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_spanish.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-7rd4c.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_russian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-a0iq6.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_portugues.ini
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-nc4f5.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90.dll
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-bqlfk.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\microsoft.vc90.crt.manifest
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-05gnj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcm90.dll
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-1m2dn.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcp90.dll
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\is-g2i3j.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.crt\msvcr90.dll
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-cgsl7.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-9277i.tmp to %LOCALAPPDATA%\avitoolbox 4.20\gsdownload.dll
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5k62g.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfc90u.dll
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-2fuqa.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\italian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-5puuu.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\microsoft.vc90.mfc.manifest
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\is-7hni3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.windows.common-controls\comctl32.dll
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-7fpo3.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\chinese(traditional).ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-coglf.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\english.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-2774h.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\frence.ini
from %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\is-irh1o.tmp to %LOCALAPPDATA%\avitoolbox 4.20\microsoft.vc90.mfc\mfcm90u.dll
from %LOCALAPPDATA%\avitoolbox 4.20\is-c290a.tmp to %LOCALAPPDATA%\avitoolbox 4.20\verify.dll
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-qdnnh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\portugues.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-bjabh.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_chinese(traditional).ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-sef1p.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\russian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-32vq0.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_italian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-jq4eq.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_japanese.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-ojpuq.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_frence.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1e0os.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_english.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-bn8n4.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\autosettings_chinese(traditional).ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-hdhec.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\spanish.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-i7661.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\index.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-p4it4.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\japanese.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-vcadj.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_portugues.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-vlr5h.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_italian.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-1qe4i.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_japanese.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-h0tme.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_frence.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-kafkl.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_english.ini
from %LOCALAPPDATA%\avitoolbox 4.20\language\is-h5rif.tmp to %LOCALAPPDATA%\avitoolbox 4.20\language\waverec_spanish.ini
from %LOCALAPPDATA%\avitoolbox 4.20\is-n0me9.tmp to %LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe

Substitutes the following files

%LOCALAPPDATA%\avitoolbox 4.20\verify.dll

Miscellaneous

Searches for the following windows

ClassName: 'r56d1_aviTB_1124_r56d1' WindowName: ''

Creates and executes the following

'%TEMP%\is-jnrnf.tmp\<File name>.tmp' /SL5="$50246,5421338,54272,<Full path to file>"
'%LOCALAPPDATA%\avitoolbox 4.20\avitb32.exe' -i

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial