Trojan.Siggen21.60239

Technical Information

Modifies file system

Creates the following files

%TEMP%\is-oi4b6.tmp\<File name>.tmp
%ProgramFiles(x86)%\latalib\pywin32_system32\is-a40g9.tmp
%ProgramFiles(x86)%\latalib\phonon_backend\is-vnt6a.tmp
%ProgramFiles(x86)%\latalib\phonon_backend\is-ctqhi.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-ervmf.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-i8tmn.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-7mr3d.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-fsjdj.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-1tvfs.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-5jngc.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-1m5du.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-uivfg.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-bk90s.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-7a6bj.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-7pvf6.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-4ugvi.tmp
%ProgramFiles(x86)%\latalib\pywin32_system32\is-nr7dd.tmp
%ProgramFiles(x86)%\latalib\shiboken2\is-j81n6.tmp
%ProgramFiles(x86)%\latalib\shiboken2\is-2441e.tmp
%ProgramFiles(x86)%\latalib\shiboken2\is-lthit.tmp
%ProgramFiles(x86)%\latalib\unins000.dat
%ProgramFiles(x86)%\latalib\is-26ciu.tmp
%ProgramFiles(x86)%\latalib\win32com\shell\is-djhl3.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-3aenc.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-sm969.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-d1krh.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-1k13d.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-k7bu5.tmp
%ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-l7gnl.tmp
%ProgramFiles(x86)%\latalib\websockets\is-i0ff9.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-jajac.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-v67j8.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-01qo8.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-vvpjg.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-oaiu7.tmp
%ProgramFiles(x86)%\latalib\sqldrivers\is-c471d.tmp
%ProgramFiles(x86)%\latalib\latalib.exe
%ProgramFiles(x86)%\latalib\imageformats\is-enb4m.tmp
%ProgramFiles(x86)%\latalib\imageformats\is-fbuqi.tmp
%ProgramFiles(x86)%\latalib\certifi\is-dlra0.tmp
%ProgramFiles(x86)%\latalib\is-osb9d.tmp
%ProgramFiles(x86)%\latalib\is-1un4h.tmp
%ProgramFiles(x86)%\latalib\is-435oq.tmp
%ProgramFiles(x86)%\latalib\is-17h7h.tmp
%ProgramFiles(x86)%\latalib\is-tb5hn.tmp
%ProgramFiles(x86)%\latalib\is-n2s8d.tmp
%ProgramFiles(x86)%\latalib\is-vrv30.tmp
%ProgramFiles(x86)%\latalib\is-i6tmv.tmp
%ProgramFiles(x86)%\latalib\is-3rifq.tmp
%ProgramFiles(x86)%\latalib\is-nsrq7.tmp
%TEMP%\is-hc4pi.tmp\_isetup\_iscrypt.dll
%TEMP%\is-hc4pi.tmp\_isetup\_isdecmp.dll
%TEMP%\is-hc4pi.tmp\_isetup\_shfoldr.dll
%TEMP%\is-hc4pi.tmp\_isetup\_setup64.tmp
%TEMP%\is-hc4pi.tmp\_isetup\_regdll.tmp
%ProgramFiles(x86)%\latalib\is-v6akt.tmp
%ProgramFiles(x86)%\latalib\is-30kep.tmp
%ProgramFiles(x86)%\latalib\is-smehc.tmp
%ProgramFiles(x86)%\latalib\is-s864j.tmp
%ProgramFiles(x86)%\latalib\is-ef3jh.tmp
%ProgramFiles(x86)%\latalib\is-e4lup.tmp
%ProgramFiles(x86)%\latalib\is-brkv2.tmp
%ProgramFiles(x86)%\latalib\is-jeflp.tmp
%ProgramFiles(x86)%\latalib\is-hdngp.tmp
%ProgramFiles(x86)%\latalib\is-5jt3k.tmp
%ProgramFiles(x86)%\latalib\is-hapj1.tmp
%ProgramFiles(x86)%\latalib\is-gkfgh.tmp
%ProgramFiles(x86)%\latalib\is-7coti.tmp
%ProgramFiles(x86)%\latalib\is-tttc5.tmp
%ProgramFiles(x86)%\latalib\is-ibbu5.tmp
%ProgramFiles(x86)%\latalib\is-qisd6.tmp
%ProgramFiles(x86)%\latalib\is-024l2.tmp
%ProgramFiles(x86)%\latalib\is-jnq5m.tmp
%ProgramFiles(x86)%\latalib\is-v0nsl.tmp
%ProgramFiles(x86)%\latalib\is-l6e3t.tmp
%ProgramFiles(x86)%\latalib\is-rjrai.tmp
%TEMP%\license.txt

Moves the following files

from %ProgramFiles(x86)%\latalib\is-nsrq7.tmp to %ProgramFiles(x86)%\latalib\unins000.exe
from %ProgramFiles(x86)%\latalib\imageformats\is-bk90s.tmp to %ProgramFiles(x86)%\latalib\imageformats\qjpegd4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-uivfg.tmp to %ProgramFiles(x86)%\latalib\imageformats\qmng4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-1m5du.tmp to %ProgramFiles(x86)%\latalib\imageformats\qmngd4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-5jngc.tmp to %ProgramFiles(x86)%\latalib\imageformats\qsvg4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-1tvfs.tmp to %ProgramFiles(x86)%\latalib\imageformats\qsvgd4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-fsjdj.tmp to %ProgramFiles(x86)%\latalib\imageformats\qtga4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-7mr3d.tmp to %ProgramFiles(x86)%\latalib\imageformats\qtgad4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-i8tmn.tmp to %ProgramFiles(x86)%\latalib\imageformats\qtiff4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-ervmf.tmp to %ProgramFiles(x86)%\latalib\imageformats\qtiffd4.dll
from %ProgramFiles(x86)%\latalib\phonon_backend\is-ctqhi.tmp to %ProgramFiles(x86)%\latalib\phonon_backend\phonon_ds94.dll
from %ProgramFiles(x86)%\latalib\phonon_backend\is-vnt6a.tmp to %ProgramFiles(x86)%\latalib\phonon_backend\phonon_ds9d4.dll
from %ProgramFiles(x86)%\latalib\pywin32_system32\is-a40g9.tmp to %ProgramFiles(x86)%\latalib\pywin32_system32\pythoncom38.dll
from %ProgramFiles(x86)%\latalib\pywin32_system32\is-nr7dd.tmp to %ProgramFiles(x86)%\latalib\pywin32_system32\pywintypes38.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-7pvf6.tmp to %ProgramFiles(x86)%\latalib\imageformats\qicod4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-7a6bj.tmp to %ProgramFiles(x86)%\latalib\imageformats\qjpeg4.dll
from %ProgramFiles(x86)%\latalib\shiboken2\is-j81n6.tmp to %ProgramFiles(x86)%\latalib\shiboken2\msvcp140.dll
from %ProgramFiles(x86)%\latalib\shiboken2\is-2441e.tmp to %ProgramFiles(x86)%\latalib\shiboken2\shiboken2.abi3.dll
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-3aenc.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\wheel
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-sm969.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\top_level.txt
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-d1krh.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\record
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-1k13d.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\metadata
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-l7gnl.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\license
from %ProgramFiles(x86)%\latalib\is-5jt3k.tmp to %ProgramFiles(x86)%\latalib\_overlapped.pyd
from %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\is-k7bu5.tmp to %ProgramFiles(x86)%\latalib\websockets-10.4.dist-info\installer
from %ProgramFiles(x86)%\latalib\sqldrivers\is-jajac.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlpsqld4.dll
from %ProgramFiles(x86)%\latalib\sqldrivers\is-v67j8.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlpsql4.dll
from %ProgramFiles(x86)%\latalib\sqldrivers\is-01qo8.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlodbcd4.dll
from %ProgramFiles(x86)%\latalib\sqldrivers\is-vvpjg.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlodbc4.dll
from %ProgramFiles(x86)%\latalib\sqldrivers\is-oaiu7.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlited4.dll
from %ProgramFiles(x86)%\latalib\sqldrivers\is-c471d.tmp to %ProgramFiles(x86)%\latalib\sqldrivers\qsqlite4.dll
from %ProgramFiles(x86)%\latalib\shiboken2\is-lthit.tmp to %ProgramFiles(x86)%\latalib\shiboken2\shiboken2.pyd
from %ProgramFiles(x86)%\latalib\imageformats\is-4ugvi.tmp to %ProgramFiles(x86)%\latalib\imageformats\qico4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-enb4m.tmp to %ProgramFiles(x86)%\latalib\imageformats\qgifd4.dll
from %ProgramFiles(x86)%\latalib\imageformats\is-fbuqi.tmp to %ProgramFiles(x86)%\latalib\imageformats\qgif4.dll
from %ProgramFiles(x86)%\latalib\is-i6tmv.tmp to %ProgramFiles(x86)%\latalib\libffi-7.dll
from %ProgramFiles(x86)%\latalib\is-vrv30.tmp to %ProgramFiles(x86)%\latalib\libssl-1_1.dll
from %ProgramFiles(x86)%\latalib\is-n2s8d.tmp to %ProgramFiles(x86)%\latalib\pyexpat.pyd
from %ProgramFiles(x86)%\latalib\is-tb5hn.tmp to %ProgramFiles(x86)%\latalib\python3.dll
from %ProgramFiles(x86)%\latalib\is-17h7h.tmp to %ProgramFiles(x86)%\latalib\pythoncom38.dll
from %ProgramFiles(x86)%\latalib\is-435oq.tmp to %ProgramFiles(x86)%\latalib\pywintypes38.dll
from %ProgramFiles(x86)%\latalib\is-1un4h.tmp to %ProgramFiles(x86)%\latalib\select.pyd
from %ProgramFiles(x86)%\latalib\is-osb9d.tmp to %ProgramFiles(x86)%\latalib\tagging.pyd
from %ProgramFiles(x86)%\latalib\is-v6akt.tmp to %ProgramFiles(x86)%\latalib\vcruntime140.dll
from %ProgramFiles(x86)%\latalib\is-30kep.tmp to %ProgramFiles(x86)%\latalib\win32api.pyd
from %ProgramFiles(x86)%\latalib\is-smehc.tmp to %ProgramFiles(x86)%\latalib\win32evtlog.pyd
from %ProgramFiles(x86)%\latalib\is-s864j.tmp to %ProgramFiles(x86)%\latalib\win32trace.pyd
from %ProgramFiles(x86)%\latalib\is-l6e3t.tmp to %ProgramFiles(x86)%\latalib\win32wnet.pyd
from %ProgramFiles(x86)%\latalib\is-v0nsl.tmp to %ProgramFiles(x86)%\latalib\_asyncio.pyd
from %ProgramFiles(x86)%\latalib\is-3rifq.tmp to %ProgramFiles(x86)%\latalib\lscol
from %ProgramFiles(x86)%\latalib\is-jnq5m.tmp to %ProgramFiles(x86)%\latalib\_brotli.cp38-win32.pyd
from %ProgramFiles(x86)%\latalib\certifi\is-dlra0.tmp to %ProgramFiles(x86)%\latalib\certifi\cacert.pem
from %ProgramFiles(x86)%\latalib\is-024l2.tmp to %ProgramFiles(x86)%\latalib\_bz2.pyd
from %ProgramFiles(x86)%\latalib\is-qisd6.tmp to %ProgramFiles(x86)%\latalib\_ctypes.pyd
from %ProgramFiles(x86)%\latalib\is-ibbu5.tmp to %ProgramFiles(x86)%\latalib\_decimal.pyd
from %ProgramFiles(x86)%\latalib\is-tttc5.tmp to %ProgramFiles(x86)%\latalib\_elementtree.pyd
from %ProgramFiles(x86)%\latalib\is-gkfgh.tmp to %ProgramFiles(x86)%\latalib\_hashlib.pyd
from %ProgramFiles(x86)%\latalib\is-7coti.tmp to %ProgramFiles(x86)%\latalib\_lzma.pyd
from %ProgramFiles(x86)%\latalib\websockets\is-i0ff9.tmp to %ProgramFiles(x86)%\latalib\websockets\speedups.cp38-win32.pyd
from %ProgramFiles(x86)%\latalib\is-hapj1.tmp to %ProgramFiles(x86)%\latalib\_multiprocessing.pyd
from %ProgramFiles(x86)%\latalib\win32com\shell\is-djhl3.tmp to %ProgramFiles(x86)%\latalib\win32com\shell\shell.pyd
from %ProgramFiles(x86)%\latalib\is-jeflp.tmp to %ProgramFiles(x86)%\latalib\_socket.pyd
from %ProgramFiles(x86)%\latalib\is-brkv2.tmp to %ProgramFiles(x86)%\latalib\_sqlite3.pyd
from %ProgramFiles(x86)%\latalib\is-e4lup.tmp to %ProgramFiles(x86)%\latalib\_ssl.pyd
from %ProgramFiles(x86)%\latalib\is-ef3jh.tmp to %ProgramFiles(x86)%\latalib\_testcapi.pyd
from %ProgramFiles(x86)%\latalib\is-rjrai.tmp to %ProgramFiles(x86)%\latalib\_win32sysloader.pyd
from %ProgramFiles(x86)%\latalib\is-hdngp.tmp to %ProgramFiles(x86)%\latalib\_queue.pyd
from %ProgramFiles(x86)%\latalib\is-26ciu.tmp to %ProgramFiles(x86)%\latalib\latalib.exe

Network activity

Connects to

'mi####njobs.works':80

TCP

HTTP GET requests

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?43######

HTTP POST requests

http://mi####njobs.works/new/net_api

UDP

DNS ASK mi####njobs.works

Miscellaneous

Searches for the following windows

ClassName: 'Tb592d_ll10304Class_Tb592d' WindowName: ''

Creates and executes the following

'%TEMP%\is-oi4b6.tmp\<File name>.tmp' /SL5="$A024C,8498929,68096,<Full path to file>"
'%ProgramFiles(x86)%\latalib\latalib.exe'
'%ProgramFiles(x86)%\latalib\latalib.exe' 3637ebeeb78052d56cf76e09caa80f93

Executes the following

'%WINDIR%\syswow64\schtasks.exe' /Delete /F /TN "LL1030-4"
'%WINDIR%\syswow64\schtasks.exe' /Query

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information

Curing recommendations

Free trial