Trojan.MulDrop28.37046

Technical Information

To ensure autorun and distribution

Sets the following service settings

[HKLM\System\CurrentControlSet\Services\EC SyncPlayer 11.4.47] 'Start' = '00000002'
[HKLM\System\CurrentControlSet\Services\EC SyncPlayer 11.4.47] 'ImagePath' = '%ALLUSERSPROFILE%\EC SyncPlayer 11.4.47\EC SyncPlayer 11.4.47.exe'

Creates the following services

'EC SyncPlayer 11.4.47' %ALLUSERSPROFILE%\EC SyncPlayer 11.4.47\EC SyncPlayer 11.4.47.exe

Modifies file system

Creates the following files

%TEMP%\is-n0aon.tmp\<File name>.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-iq61q.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-j8kdn.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-4m9c5.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-4en8g.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-lo0p0.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-ljbci.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-r5t0h.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-cja3f.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-psdhv.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-ur5hv.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-o2apd.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-aq7p5.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-f4hib.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-f7l97.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-04kp2.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-68ub9.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-e8e13.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-k1eb1.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\syncplayer32.exe
%LOCALAPPDATA%\syncplayer 2.7.3\is-kvh78.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\unins000.dat
%LOCALAPPDATA%\syncplayer 2.7.3\is-ql34e.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-27nja.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-ooluu.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-a78kt.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-5a9f5.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-j6t6r.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-f588v.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-bunuk.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-fukk5.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-h4ofl.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-lho5p.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-65ap2.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-2s3qp.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-suqrv.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-r0utl.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-mt1u2.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-j4iu7.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-gsbhi.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-3bqp3.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-4na7u.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.windows.common-controls\is-mnro5.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-0ssp1.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-qfhts.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-3mib9.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-gprj1.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-97lvq.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-qbss2.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-hb14k.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-ai88v.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-dv1lj.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\is-oufhj.tmp
%TEMP%\is-kqjoe.tmp\_isetup\_iscrypt.dll
%TEMP%\is-kqjoe.tmp\_isetup\_shfoldr.dll
%TEMP%\is-kqjoe.tmp\_isetup\_setup64.tmp
%TEMP%\is-kqjoe.tmp\_isetup\_regdll.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-qbd61.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-p433m.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-a7h9j.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-v46vn.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-l2a57.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-1ohu7.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-9gm9l.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-fbi9d.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-6acbd.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-ns4me.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-pboj3.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-uh35n.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-56ejs.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-61clg.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-5lgka.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-97p6a.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-i83qc.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-frpak.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-5oj3h.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-bckhv.tmp
%LOCALAPPDATA%\syncplayer 2.7.3\language\is-okkr1.tmp
%ALLUSERSPROFILE%\ec syncplayer 11.4.47\ec syncplayer 11.4.47.exe

Deletes the following files

%LOCALAPPDATA%\syncplayer 2.7.3\verify.dll

Moves the following files

from %LOCALAPPDATA%\syncplayer 2.7.3\is-oufhj.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\unins000.exe
from %LOCALAPPDATA%\syncplayer 2.7.3\is-4m9c5.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\postproc-51.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-4en8g.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\encodesettings.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\is-lo0p0.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\intelhw.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-ljbci.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\nvencoderkernel.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-r5t0h.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\cudaencoderkernel.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-iq61q.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\recwin7.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-psdhv.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\capture.wav
from %LOCALAPPDATA%\syncplayer 2.7.3\is-ur5hv.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\avutil-52.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-o2apd.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\avformat.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\is-aq7p5.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\postproc-52.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-f4hib.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\avdevice-55.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-f7l97.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\audioresample.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-04kp2.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\bitmap2avi.dll.intermediate.manifest
from %LOCALAPPDATA%\syncplayer 2.7.3\is-e8e13.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\camcapture.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-pboj3.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_russian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\is-cja3f.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\screenhook.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-a78kt.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\istask.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-5a9f5.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\apngdecoder.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-j6t6r.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\servicectrl.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-bunuk.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\installhelp.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-k1eb1.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\ve64.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-fukk5.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\ve32.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-68ub9.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\pthreadvc2.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-j8kdn.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\pthreadgc2.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-65ap2.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\xvidcore.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-2s3qp.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\waverec.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\is-suqrv.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\waverec.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-r0utl.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\utlis.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-kvh78.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\textdlg.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-j4iu7.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\swscale-2.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-lho5p.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\magicskin.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-mt1u2.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\swresample-0.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-f588v.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_spanish.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-gsbhi.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_russian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-uh35n.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_portugues.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-3mib9.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\mfcm90.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-dv1lj.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\microsoft.vc90.crt.manifest
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-ai88v.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\msvcm90.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-qbd61.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\msvcp90.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\is-hb14k.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.crt\msvcr90.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-97lvq.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\mfc90.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-27nja.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\gsdownload.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-gprj1.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\mfc90u.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-v46vn.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\italian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-0ssp1.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\microsoft.vc90.mfc.manifest
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.windows.common-controls\is-mnro5.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.windows.common-controls\comctl32.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-4na7u.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\chinese(traditional).ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-qbss2.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\english.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-okkr1.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\frence.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\is-qfhts.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\microsoft.vc90.mfc\mfcm90u.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\is-h4ofl.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\verify.dll
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-bckhv.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\portugues.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-i83qc.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_chinese(traditional).ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-5oj3h.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\russian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-a7h9j.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_italian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-l2a57.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_japanese.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-1ohu7.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_frence.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-9gm9l.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_english.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-fbi9d.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\autosettings_chinese(traditional).ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-frpak.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\spanish.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-6acbd.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\index.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-3bqp3.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\japanese.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-56ejs.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_portugues.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-p433m.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_italian.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-61clg.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_japanese.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-5lgka.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_frence.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-97p6a.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_english.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\language\is-ns4me.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\language\waverec_spanish.ini
from %LOCALAPPDATA%\syncplayer 2.7.3\is-ql34e.tmp to %LOCALAPPDATA%\syncplayer 2.7.3\syncplayer32.exe

Substitutes the following files

%LOCALAPPDATA%\syncplayer 2.7.3\verify.dll

Miscellaneous

Searches for the following windows

ClassName: 'n5700d_spBom_1142_n5700d' WindowName: ''

Creates and executes the following

'%TEMP%\is-n0aon.tmp\<File name>.tmp' /SL5="$5024C,5866883,54272,<Full path to file>"
'%LOCALAPPDATA%\syncplayer 2.7.3\syncplayer32.exe' -i

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial