FÜR NUTZER

Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche

Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Alle: -
Offen: -
Letzte Anfrage: -

Rufen Sie uns an

+7 (495) 789-45-86

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

Sign in to Dr.Web vxCube

Analyse von virenabhängigen Vorfällen

Virenbibliothek

Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

Mythen über Virenschutzsoftware

Win32.HLLW.Autoruner2.2252

Added to the Dr.Web virus database: 2014-01-19

Virus description added: 2014-01-21

Technical Information

Malicious functions:

To bypass firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\System32.exe' = '%TEMP%\System32.exe:*:Enabled:System32.exe'

Creates and executes the following:

'%TEMP%\System32.exe'

Executes the following:

'<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\System32.exe" "System32.exe" ENABLE

Modifies file system :

Creates the following files:

%WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
%WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
%TEMP%\System32.exe

Moves the following files:

from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
from %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new to %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch

Network activity:

Connects to:

'vo#####dragon.no-ip.biz':1177

UDP:

DNS ASK vo#####dragon.no-ip.biz