Trojan.KillProc.31936

Technical Information

Malicious functions:

Executes the following:

'<SYSTEM32>\net1.exe' user /add m4iw1i1rrct 1gscga0ct5m
'<SYSTEM32>\net1.exe' /pid=3472
'<SYSTEM32>\net1.exe' user /add ppvkkt22wf0 m4wu1uxk1tl
'<SYSTEM32>\net1.exe' /pid=3376
'<SYSTEM32>\net1.exe' user /add e14ygmgqkdy 3neqt4fqy42
'<SYSTEM32>\net1.exe' user /add ctu1xrbwqou z0s5ruo1e2a
'<SYSTEM32>\net1.exe' user /add hbo35falcte gt5denf4gxj
'<SYSTEM32>\net1.exe' /pid=3568
'<SYSTEM32>\net1.exe' /pid=3280
'<SYSTEM32>\net1.exe' /c ""C:\vytvorit_pouzivatela.bat" "
'<SYSTEM32>\net1.exe' user /add nmsh1usnnti xoqyr2yeuis
'<SYSTEM32>\net1.exe' user /add b2xfbpw3rjp z0edycocnpj
'<SYSTEM32>\net1.exe' user /add 4qbxeopounx crqnummvthz
'<SYSTEM32>\net1.exe' /pid=3196
'<SYSTEM32>\net1.exe' user /add ho5il2z4kx0 4au2rocpcni
'<SYSTEM32>\net1.exe' /pid=3104
'<SYSTEM32>\net1.exe' user /add 0zsx3cq2b1q 33rm0q5wjwi
'<SYSTEM32>\net1.exe' /pid=3008
'<SYSTEM32>\net1.exe' user /add 31pjipjqrr1 eqfpy4pef2s
'<SYSTEM32>\net1.exe' user /add i2bqkre32rl r1lljz0zekf
'%WINDIR%\explorer.exe' user /add nwvxre5ajlq 1uuve00eloa
'<SYSTEM32>\net1.exe' /pid=3384
'<SYSTEM32>\net1.exe' /c del %systemdrive% /s /f /q
'<SYSTEM32>\net1.exe' user /add wwgcs2a4ydv xvnadcd33wh
'<SYSTEM32>\net1.exe' /pid=2968
'<SYSTEM32>\net1.exe' user /add 25hcuuzbv20 dnaylfktsp3
'<SYSTEM32>\net1.exe' user /add zn5te5yoown oy3cuz00eef
'<SYSTEM32>\net1.exe' user /add qv4nfsv14iq zh4ovmmolda
'<SYSTEM32>\net1.exe' user /add bnlgod1ro5p gbadtnoycfr
'<SYSTEM32>\net1.exe' /pid=2908
'<SYSTEM32>\net1.exe' user /add erat2r3l4u0 i315erwizjk
'<SYSTEM32>\net1.exe' /pid=3988
'<SYSTEM32>\net1.exe' user /add 44gzdqy4snv ikzwrvqqjjv
'<SYSTEM32>\net1.exe' /pid=1520
'<SYSTEM32>\net1.exe' /pid=1592
'<SYSTEM32>\net1.exe' user /add ugakjfrsxq1 jd2iixesc0c
'<SYSTEM32>\net1.exe' user /add pan45i30yw5 iqwtdpopjrq
'<SYSTEM32>\net1.exe' user /add zm2ikflqulp sweqm2bewgt
'<SYSTEM32>\net1.exe' user /add 002iczb2xne 5szxqdxc3hp
'<SYSTEM32>\net1.exe' user /add e3sostfmj30 fq3wurt3q3v
'<SYSTEM32>\net1.exe' user /add laxhh20uw1l rpaodaopixr
'<SYSTEM32>\net1.exe' user /add hvlica2oi4o wegc33yvp0e
'<SYSTEM32>\net1.exe' user /add ys0o3ajmar3 mzjki43hwos
'<SYSTEM32>\net1.exe' user /add y1j3teamh4s k1atyvd2c5j
'<SYSTEM32>\net1.exe' user /add rjr5un2jpsz cr01ncq3f22
'<SYSTEM32>\net1.exe' user /add ypmgzkrsv2y y1kb1zpehjy
'<SYSTEM32>\cmd.exe' /c ""C:\vytvorit_pouzivatela.bat" "
'%WINDIR%\explorer.exe'
'<SYSTEM32>\net1.exe' user /add ze1pk0haks2 1tviy1btz0t
'<SYSTEM32>\net1.exe' user /add pewd1jftef5 huqed0zbszm
'<SYSTEM32>\net1.exe' user /add dtvlr5yjdpq m53ibptd1fk
'<SYSTEM32>\net1.exe' user /add wjeb3nack5b yrexljkmjqp
'<SYSTEM32>\net1.exe' user /add 01a5a2clmbm 1gonqibgfi5
'<SYSTEM32>\net1.exe' user /add 04ggrn1m2xc 0hqacsqsfy3
'<SYSTEM32>\net1.exe' user /add rt5b2mb1uul 1t1p3kqynq0
'<SYSTEM32>\net1.exe' user /add x5sq0qwygg2 l2cgjvkzwsq
'<SYSTEM32>\net1.exe' user /add ghw1ypcafmy gjkrempem3a
'<SYSTEM32>\net1.exe' user /add udn2zxzokpp qgcrnuthn5g
'<SYSTEM32>\net1.exe' user /add gefah2xosbo egff0bqfnzr
'<SYSTEM32>\net1.exe' user /add qmpd3pnvgud pgd2vctrnhq
'<SYSTEM32>\net1.exe' user /add fz02j3h4pm1 i0x4hwodaje
'<SYSTEM32>\net1.exe' user /add 3equpfvtavu esp0r3emxsc
'<SYSTEM32>\net1.exe' user /add tvmnkf25hj4 m1hra40ybi3
'<SYSTEM32>\net1.exe' user /add 3sirrcepbf4 mn1pfc3vuxd
'<SYSTEM32>\net1.exe' user /add gpk1vs0obum n4lm0yfq4m4
'<SYSTEM32>\net1.exe' user /add 1onqtcivkep 3fhfqh2cbu4
'<SYSTEM32>\net1.exe' user /add nvr1povdhb5 xg2mhcnqgxj
'<SYSTEM32>\net1.exe' user /add fchjdmkmtm2 xkb01m1pxp0
'<SYSTEM32>\net1.exe' user /add pn03v54jeof i5y2i33d32l

Injects code into

the following system processes:

<SYSTEM32>\cmd.exe
%WINDIR%\explorer.exe
<SYSTEM32>\net1.exe
<SYSTEM32>\net.exe

Terminates or attempts to terminate

the following system processes:

%WINDIR%\Explorer.EXE

the following user processes:

skype.exe
chrome.exe
iexplore.exe

Modifies file system :

Creates the following files:

C:\1ft4hayofup.exe
C:\jw3kkbq3du1.exe
C:\lqyrzhdiqrf.exe
C:\tihaws2gqjh.exe
C:\3crmflaer0l.exe
C:\my4vgcdjl3u.exe
C:\5crmvesl2op.exe
C:\trd5qxyht22.exe
C:\ynwcxvgcq4h.exe
C:\vytvorit_pouzivatela.bat
C:\xjpbzlcx1ms.exe
C:\yhr3w4ih05y.exe
C:\lj5feswlcgq.exe
C:\43f1spawpic.exe

Sets the 'hidden' attribute to the following files:

C:\tihaws2gqjh.exe
C:\1ft4hayofup.exe
C:\jw3kkbq3du1.exe
C:\3crmflaer0l.exe
C:\my4vgcdjl3u.exe
C:\5crmvesl2op.exe
C:\lqyrzhdiqrf.exe
C:\xjpbzlcx1ms.exe
C:\trd5qxyht22.exe
C:\ynwcxvgcq4h.exe
C:\yhr3w4ih05y.exe
C:\lj5feswlcgq.exe
C:\43f1spawpic.exe

Deletes itself.

Miscellaneous:

Searches for the following windows:

ClassName: 'Proxy Desktop' WindowName: '(null)'
ClassName: 'Shell_TrayWnd' WindowName: '(null)'

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial