Trojan.DownLoader33.20378

Technical Information

Malicious functions

Executes the following

'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Google Chrome.exe" "Google Chrome.exe" ENABLE

Modifies file system

Creates the following files

%TEMP%\google chrome.exe
%LOCALAPPDATA%\temp:{70007900-6d00-6d00-3400-4a0071004500}
%TEMP%\hsperfdata_user\2472
%TEMP%\logs\032320.log
%TEMP%\tools\zipalign.exe
%TEMP%\tools\testkey.x509.pem
%TEMP%\tools\testkey.pk8
%TEMP%\tools\smali.jar
%TEMP%\tools\signapk.jar
%TEMP%\tools\roptipng.exe
%TEMP%\tools\baksmali.jar
%TEMP%\tools\apktool2.0.0b9.jar
%TEMP%\tools\apktool1.5.2.jar
%TEMP%\tools\adbwinusbapi.dll
%TEMP%\tools\adbwinapi.dll
%TEMP%\tools\adb.exe
%TEMP%\tools\aapt.exe
%TEMP%\tools\7za.exe
%TEMP%\20110911\tools.zip
%TEMP%\20110911\list.txt
%TEMP%\20110911\7za.exe
%TEMP%\apk tools.exe
%LOCALAPPDATA%\temp:{4a007100-5100-6a00-4e00-6e0054005900}
%PROGRAMDATA%\isolated storage\{4a007100-5100-6a00-4e00-6e0054005900}

Deletes the following files

%TEMP%\20110911\7za.exe
%TEMP%\20110911\list.txt
%TEMP%\20110911\tools.zip

Network activity

TCP

'al####i.myq-see.com':5577

UDP

DNS ASK al####i.myq-see.com

Miscellaneous

Searches for the following windows

ClassName: 'AutoHotkey' WindowName: '%TEMP%\APK Tools.exe'
ClassName: '#32771' WindowName: ''

Creates and executes the following

'%TEMP%\google chrome.exe'
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip zipalign.exe
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip roptipng.exe
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip testkey.pk8
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip baksmali.jar
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip testkey.x509.pem
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip apktool1.5.2.jar
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip smali.jar
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip apktool2.0.0b9.jar
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip AdbWinUsbApi.dll
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip adb.exe
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip Frameworks
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip 7za.exe
'%TEMP%\apk tools.exe'
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip AdbWinApi.dll
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip signapk.jar
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip aapt.exe
'%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\Google Chrome.exe" "Google Chrome.exe" ENABLE' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip signapk.jar' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip testkey.x509.pem' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip testkey.pk8' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip Frameworks' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip smali.jar' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip baksmali.jar' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip zipalign.exe' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip apktool2.0.0b9.jar' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip apktool1.5.2.jar' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip AdbWinUsbApi.dll' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip AdbWinApi.dll' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip adb.exe' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip aapt.exe' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip 7za.exe' (with hidden window)
'%TEMP%\20110911\7za.exe' x -otools %TEMP%\20110911\tools.zip roptipng.exe' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C java -version' (with hidden window)
'%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\tools\adb.exe" version' (with hidden window)

Executes the following

'%WINDIR%\syswow64\cmd.exe' /C java -version
'%WINDIR%\syswow64\cmd.exe' /C "%TEMP%\tools\adb.exe" version
'%TEMP%\tools\adb.exe' version

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial