Win32.HLLW.Autoruner2.23919

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'

Malicious functions:

Executes the following:

'<SYSTEM32>\svchost.exe'

Injects code into

the following system processes:

<SYSTEM32>\svchost.exe

Modifies file system:

Creates the following files:

%HOMEPATH%\aegvvp.exe

Sets the 'hidden' attribute to the following files:

%HOMEPATH%\aegvvp.exe

Network activity:

UDP:

DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':27001
'sl###.##fehousenumber.com':27001

Miscellaneous:

Searches for the following windows:

ClassName: 'Vfguv N' WindowName: 'Kmfl, Mrydub Lcw, Emulh Ubjo'
ClassName: 'Emulh Ubjo, Vfguv N' WindowName: 'Kmfl, Mrydub Lcw'
ClassName: 'Dxopb, Axflb Ixo' WindowName: 'Gxmoa Nxjcc. Saqu'
ClassName: 'Avwnqxpq Svgp. Ene' WindowName: 'Ontvgs Jmfuumy. Fu'
ClassName: 'Nmlcuu Ug' WindowName: 'Cfngbvvs Wiv. V, Aftm'
ClassName: 'Aftm, Nmlcuu Ug' WindowName: 'Cfngbvvs Wiv. V'
ClassName: 'Lfydnc. T' WindowName: 'Rnkjj Ca, Taetc, Yuudrpjo'
ClassName: 'Yuudrpjo, Lfydnc. T' WindowName: 'Rnkjj Ca, Taetc'
ClassName: 'Axflb Ixo' WindowName: 'Gxmoa Nxjcc. Saqu, Dxopb'
ClassName: 'Jixwqd. Nlt' WindowName: 'Wmatllq Vvrcy Hhcs, Gabj'
ClassName: 'Gabj, Jixwqd. Nlt' WindowName: 'Wmatllq Vvrcy Hhcs'
ClassName: 'Bsogiee. Beyafdb' WindowName: 'Bngblbqr Chm, Jlaev'
ClassName: 'Ldhmefkw Dmmxjam' WindowName: 'Ffxjk. Ulsvrmbs'
ClassName: 'Locluf. Igawgvm' WindowName: 'Sdkwib Pfiri Grasc'
ClassName: 'Uanyyqq Quqkx Ur' WindowName: 'Cmqfkceflt. Mcikfuk'
ClassName: 'Bxbwxb Hi. Uyfkdkv' WindowName: 'Ipsoc. Cxpcvbtx Rml'
ClassName: 'Ljtrcab Rkfec Lu' WindowName: 'Exxfxahmee Ongk Fve'
ClassName: 'Mkkkyd Icasjk Lp' WindowName: 'Xacacyvc Wuebqv'
ClassName: 'Xfqbjed' WindowName: 'Vabirqg Vgonhga, Vescdkt'
ClassName: 'Vescdkt, Xfqbjed' WindowName: 'Vabirqg Vgonhga'
ClassName: 'Lurqr Vdy' WindowName: 'Mcsnweehg Bxmjs, Itou'
ClassName: 'Itou, Lurqr Vdy' WindowName: 'Mcsnweehg Bxmjs'
ClassName: 'Ubvklehf Ocbmcth' WindowName: 'Avige Quwukpc B'
ClassName: 'Hyvvful Tpifl. H' WindowName: 'Djlqjb Unkre Toeix'
ClassName: 'Wgx' WindowName: 'Xmqprmkr Qtvt. Rg, Jxddby Mibths'
ClassName: 'Jxddby Mibths, Wgx' WindowName: 'Xmqprmkr Qtvt. Rg'
ClassName: 'Uimdasfk, Mqect' WindowName: 'Ebph, Akytho Hu'
ClassName: 'Fohte Vtxylxjby' WindowName: 'Bpjntsu Grj Ugrft'
ClassName: 'Vllup Dtyx. Kkla' WindowName: 'Tlfhfbkx Uryj, N'
ClassName: 'Qyptgfal Oeg. Cpep' WindowName: 'Yewrgmq Wrafu Ovqol'
ClassName: 'Bctst Tinigmbuq T' WindowName: 'Ono. Uigafcebv T'
ClassName: 'Ixexf Hqrt, Dfw, N' WindowName: 'Uyujso. Amvluai'
ClassName: 'Mqect' WindowName: 'Ebph, Akytho Hu, Uimdasfk'
ClassName: 'Fdokugr Tmjleuf' WindowName: 'Kaqwmg. Plob, Iv'
ClassName: 'N' WindowName: 'Uyujso. Amvluai, Ixexf Hqrt, Dfw'

Technologies

Begriffe

Schulung und Training

Mythen

Technical Information