Trojan.MulDrop36.5856

Technical Information

To ensure autorun and distribution

Creates or modifies the following files

<SYSTEM32>\tasks\c__fkrq_<File name>.exe

Modifies file system

Creates the following files

%TEMP%\670bd92\startallback.msi
%TEMP%\shi6273.tmp
%TEMP%\msi62f1.tmp
%TEMP%\msi6506.tmp
%TEMP%\msi65e1.tmp
%TEMP%\msi6631.tmp
%TEMP%\ai_extui_bin_3172\dialog.jpg
%TEMP%\ai_extui_bin_3172\completi
%TEMP%\ai_extui_bin_3172\custicon
%TEMP%\ai_extui_bin_3172\exclamic
%TEMP%\ai_extui_bin_3172\info
%TEMP%\ai_extui_bin_3172\insticon
%TEMP%\ai_extui_bin_3172\removico
%TEMP%\ai_extui_bin_3172\repairic
%TEMP%\ai_extui_bin_3172\up
%TEMP%\ai_extui_bin_3172\new
%TEMP%\ai_extui_bin_3172\banner.jpg
%TEMP%\ai_extui_bin_3172\tabback
%TEMP%\ai_extui_bin_3172\cmdlinkarrow
%TEMP%\ai_extui_bin_3172\dialog.scale125.jpg
%TEMP%\ai_extui_bin_3172\banner.svg
%TEMP%\ai_extui_bin_3172\lzmaextractor.dll
%TEMP%\ai_extui_bin_3172\dialog.svg
%TEMP%\ai_extui_bin_3172\banner.scale125.jpg
%TEMP%\ai_extui_bin_3172\banner.scale150.jpg
%TEMP%\ai_extui_bin_3172\banner.scale200.jpg
%TEMP%\ai_extui_bin_3172\dialog.scale150.jpg
%TEMP%\ai_extui_bin_3172\dialog.scale200.jpg
%TEMP%\msi672c.tmp
%TEMP%\startallback\task-kill batch file.bat
%TEMP%\startallback\startallback_3.x_patch.exe
%TEMP%\startallback\s.exe
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.hideselected.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.hideselected.svg
%TEMP%\sibsfx.d743dbf0\orbs\clover.svg
%TEMP%\sibsfx.d743dbf0\orbs\e1evenorb-pr.png
%TEMP%\sibsfx.d743dbf0\orbs\w8logo.svg
%TEMP%\sibsfx.d743dbf0\orbs\windows 7.orb
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\accessmedia.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\easyaccess.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.addremoveprograms.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.computer.manage.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.copytomenu.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.folderoptions.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.help.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.layout.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.movetomenu.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.multiverb.cmd.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.multiverb.cmdpromptasadministrator.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.open.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.opencontrolpanel.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.pastelink.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.removeproperties.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.ribbonpermissionsdialog.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.shareprivate.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.slideshow.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.systemproperties.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-dark\windows.troubleshoot.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\accessmedia.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\easyaccess.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.addremoveprograms.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.computer.manage.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.copytomenu.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.edit.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.email.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.folderoptions.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.help.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.layout.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.movetomenu.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.multiverb.cmd.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.multiverb.cmdpromptasadministrator.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.open.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.opencontrolpanel.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.pastelink.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.removeproperties.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.ribbonpermissionsdialog.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.shareprivate.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.slideshow.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.systemproperties.svg
%TEMP%\sibsfx.d743dbf0\ribbon\theme-light\windows.troubleshoot.svg
%TEMP%\sibsfx.d743dbf0\styles\plain8.msstyles
%TEMP%\sibsfx.d743dbf0\styles\windows 7.msstyles
%TEMP%\sibsfx.d743dbf0\darkmagica64.dll
%TEMP%\sibsfx.d743dbf0\darkmagicloadera64.exe
%TEMP%\sibsfx.d743dbf0\darkmagicloaderx64.exe
%TEMP%\sibsfx.d743dbf0\darkmagicloaderx86.exe
%TEMP%\sibsfx.d743dbf0\darkmagicx64.dll
%TEMP%\sibsfx.d743dbf0\darkmagicx86.dll
%TEMP%\sibsfx.d743dbf0\startallbacka64.dll
%TEMP%\sibsfx.d743dbf0\startallbackcfg.exe
%TEMP%\sibsfx.d743dbf0\startallbackloadera64.dll
%TEMP%\sibsfx.d743dbf0\startallbackloaderx64.dll
%TEMP%\sibsfx.d743dbf0\startallbackx64.dll
%TEMP%\sibsfx.d743dbf0\updatecheck.exe

Deletes following files that it created itself

%TEMP%\shi6273.tmp
%TEMP%\msi62f1.tmp
%TEMP%\msi6506.tmp
%TEMP%\msi65e1.tmp
%TEMP%\msi6631.tmp
%TEMP%\msi672c.tmp
<SYSTEM32>\tasks\c__fkrq_<File name>.exe

Miscellaneous

Searches for the following windows

ClassName: 'msctls_progress32' WindowName: ''
ClassName: 'TrayWindow' WindowName: 'TranslucentTB'

Creates and executes the following

'%TEMP%\startallback\s.exe' /S
'%TEMP%\sibsfx.d743dbf0\startallbackcfg.exe' /install /S

Executes the following

'%TEMP%\sibsfx.d743dbf0\startallbackcfg.exe' /install /S' (with hidden window)

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial