La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Win32.HLLW.Bice.38

Aggiunto al database dei virus Dr.Web: 2016-11-10

La descrizione è stata aggiunta:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'Explorer.exe <SYSTEM32>\blackice.exe'
  • [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'run' = '<SYSTEM32>\blackice.exe'
Malicious functions:
Injects code into
the following system processes:
  • %WINDIR%\Explorer.EXE
Terminates or attempts to terminate
the following user processes:
  • NAVAPW32.EXE
  • nod32.exe
  • ccapp.exe
  • AVP.EXE
  • 360tray.exe
  • ashAvast.exe
  • AVP.COM
Modifies file system:
Creates the following files:
  • <SYSTEM32>\blackice.ini
  • <SYSTEM32>\kernel.dll
  • <SYSTEM32>\blackice.exe
Sets the 'hidden' attribute to the following files:
  • <SYSTEM32>\blackice.exe
Deletes the following files:
  • <SYSTEM32>\blackice.ini
Network activity:
Connects to:
  • 'fm###d.zj.com':80
TCP:
HTTP GET requests:
  • http://fm###d.zj.com/blackice3/url.txt
UDP:
  • DNS ASK fm###d.zj.com