Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Linux.Packed.967

Added to the Dr.Web virus database: 2020-10-20

Virus description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • QThread
  • QProcessManager
Launches processes:
  • sh -c ps -efww | grep hpsum_service_x86 | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • grep hpsum_service_x86
  • tr -s
  • ps -efww
  • grep -v grep
  • cut -d -f 8
  • sh -c ps -efww | grep hpsum_service_x64 | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • grep hpsum_service_x64
  • sh -c ps -efww | grep SourceClient | grep -v grep | tr -s \" \" | cut -d \ -f 8 > /tmp/browseProc
  • grep SourceClient
  • sh -c which ip 1>&- 2>&-
  • which ip
  • sh -c echo $PATH
  • sh -c which sed
  • which sed
  • sh -c which rpm
  • which rpm
  • sh -c which bash
  • which bash
  • sh -c which shutdown
  • which shutdown
  • sh -c which gawk
  • which gawk
  • sh -c which grep
  • which grep
  • sh -c which cat
  • which cat
  • sh -c which nohup
  • which nohup
  • sh -c which dirname
  • which dirname
  • sh -c which cut
  • which cut
  • sh -c which ls
  • which ls
  • sh -c which uname
  • which uname
  • sh -c which df
  • which df
  • sh -c which kill
  • which kill
  • sh -c which lsmod
  • which lsmod
  • sh -c which lspci
  • which lspci
  • sh -c which dmidecode
  • which dmidecode
  • sh -c which awk
  • which awk
  • sh -c which ps
  • which ps
Performs operations with the file system:
Modifies file access rights:
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb
  • /tmp/HPSUM/hpsum.ini
  • /tmp/HPSUM/hapi
Creates folders:
  • /tmp/HPSUM
  • /var/hp
  • /var/hp/log
  • /tmp/HPSUM/7_6_0_0
  • /tmp/HPSUM/Recipes
Creates or modifies files:
  • /tmp/browseProc
  • /var/hp/log/hpsum_execution_log_10-20-2020_18-03-15.raw
  • /tmp/HPSUM/engine.log
  • /var/hp/log/RunRecord0_0_0_0
  • /tmp/qipc_systemsem_hpsumsharemembinaryandengineb3a94d2568268853bf4756f6fb3fef3be19a967d
  • /tmp/HPSUM/audit.log
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-journal
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-wal
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-shm
  • /var/tmp/etilqs_AtsTzEahPrPAnt3
  • /var/tmp/etilqs_AtsTzEahPrPAnt3 (deleted)
  • /var/tmp/etilqs_fewsr8ZUGxWwDYR
  • /var/tmp/etilqs_fewsr8ZUGxWwDYR (deleted)
  • /var/tmp/etilqs_7MdCkI7UJjyQ7Cl
  • /var/tmp/etilqs_7MdCkI7UJjyQ7Cl (deleted)
  • /var/tmp/etilqs_9eO9DWP5RJdjlFJ
  • /var/tmp/etilqs_9eO9DWP5RJdjlFJ (deleted)
  • /var/tmp/etilqs_4nzBanRSTrZgM9Z
  • /var/tmp/etilqs_4nzBanRSTrZgM9Z (deleted)
  • /var/tmp/etilqs_8H6mnWqCRQCVgBe
  • /var/tmp/etilqs_8H6mnWqCRQCVgBe (deleted)
  • /var/tmp/etilqs_pW0LsbjuzPvfgSA
  • /var/tmp/etilqs_pW0LsbjuzPvfgSA (deleted)
  • /var/tmp/etilqs_2z1jyrKw8veQPMK
  • /var/tmp/etilqs_2z1jyrKw8veQPMK (deleted)
  • /var/tmp/etilqs_yFnuoB8UMR3H031
  • /var/tmp/etilqs_yFnuoB8UMR3H031 (deleted)
  • /var/tmp/etilqs_OYi4BBI6Ry65ThH
  • /var/tmp/etilqs_OYi4BBI6Ry65ThH (deleted)
  • /var/tmp/etilqs_s69xVySvvB5HXQH
  • /var/tmp/etilqs_s69xVySvvB5HXQH (deleted)
  • /tmp/HPSUM/database.log
  • /tmp/HPSUM/hpsum.ini.MTJ683
  • /tmp/HPSUM/hpsum.ini
  • /tmp/HPSUM/qt_temp.LhX683
  • /tmp/HPSUM/ftpserverIPv4.log
  • /tmp/HPSUM/ftpserverIPv6.log
  • /var/hp/log/hpsum_execution_log_10-20-2020_18-03-44.log
Deletes files:
  • /tmp/browseProc
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-wal
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-journal
  • /var/tmp/etilqs_AtsTzEahPrPAnt3
  • /var/tmp/etilqs_fewsr8ZUGxWwDYR
  • /var/tmp/etilqs_7MdCkI7UJjyQ7Cl
  • /var/tmp/etilqs_9eO9DWP5RJdjlFJ
  • /var/tmp/etilqs_4nzBanRSTrZgM9Z
  • /var/tmp/etilqs_8H6mnWqCRQCVgBe
  • /var/tmp/etilqs_pW0LsbjuzPvfgSA
  • /var/tmp/etilqs_2z1jyrKw8veQPMK
  • /var/tmp/etilqs_yFnuoB8UMR3H031
  • /var/tmp/etilqs_OYi4BBI6Ry65ThH
  • /var/tmp/etilqs_s69xVySvvB5HXQH
  • /tmp/HPSUM/hpsum.ini.MTJ683
  • /tmp/HPSUM/hapi
  • /var/hp/log/RunRecord0_0_0_0
  • /tmp/HPSUM/7_6_0_0/hpsum.pdb-shm
  • /tmp/qipc_systemsem_hpsumsharemembinaryandengineb3a94d2568268853bf4756f6fb3fef3be19a967d
Other:
Collects CPU information
Collects RAM information
Collects information about network activity

Recommandations pour le traitement


Linux

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)

Télécharger Dr.Web

Par le numéro de série