27.08.2012, 22:47
Someone over there wanted Sality
Size: 10036305
Entropy: 7,91
packer
(PEiD) = Nothing found [RAR SFX]*
Win32 GUI
execution log
Checked for debuggers
Code injection in process: c:\xx\tachion\defaultbox\drive\c\windows\system32\aa.exe
Created process: C:\Windows\System32\aa.exe,"C:\Windows\System32\aa.exe" ,C:\Windows\System32
Defined Autostart file created: C:\autorun.inf
Defined Autostart file created: D:\autorun.inf
Defined Autostart file created: E:\autorun.inf
Defined Autostart file created: F:\autorun.inf
Defined Autostart file created: H:\autorun.inf
Defined file type created in Windows folder: C:\Windows\System32\aa.exe
Defined file type created: C:\urslgb.exe
Defined file type created: D:\opjugs.pif
Defined file type created: E:\xardhp.pif
Defined file type created: F:\lbkyx.pif
Defined file type created: H:\cffw.pif
Defined file type modified in Windows folder: C:\Windows\SYSTEM.INI
Defined file type modified: C:\AMD\Support\12-6_vista_win7_32_dd_ccc_whql\Packages\Apps\AppEx\AppEx\ABC.exe
Defined registry AutoStart location created or modified: machine\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\System32\aa.exe = C:\Windows\System32\aa.exe:*:Enabled:ipsec
Detected backdoor listening on port: 8751
Detected process privilege elevation
Enumerated running processes
Got computer name
Got system default language ID
Got user name information
Hide file from user: C:\autorun.inf
Hide file from user: C:\urslgb.exe
Hide file from user: D:\autorun.inf
Hide file from user: D:\opjugs.pif
Hide file from user: E:\autorun.inf
Hide file from user: E:\xardhp.pif
Hide file from user: F:\autorun.inf
Hide file from user: F:\lbkyx.pif
Hide file from user: H:\autorun.inf
Hide file from user: H:\cffw.pif
DNS queries
this section disabled
Security Center settings change: machine\software\microsoft\security center\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\antivirusoverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalldisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\firewalloverride = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\uacdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\svc\updatesdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\uacdisablenotify = 00000001
Security Center settings change: machine\software\microsoft\security center\updatesdisablenotify = 00000001
Show hidden files and folders: user\current\software\microsoft\windows\currentversion\explorer\advanced\hidden = 00000002