[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:ipsec'
To complicate detection of its presence in the operating system, it forces the system to hide from view:
hidden files
blocks the following features:
User Account Control (UAC)
Windows Security Center
Injects code into the following system processes:
<SYSTEM32>\cmd.exe
<SYSTEM32>\cscript.exe
%WINDIR%\Explorer.EXE
<SYSTEM32>\ctfmon.exe
a large number of user processes.
Modifies file system:
Creates the following files:
%TEMP%\dslotv.exe
%TEMP%\winndjv.exe
%TEMP%\mimcay.exe
%TEMP%\winkbms.exe
%TEMP%\rluyd.exe
%TEMP%\winyvsne.exe
C:\autorun.inf
C:\twruf.exe
%TEMP%\windbqtl.exe
%TEMP%\windkftnl.exe
%TEMP%\winvnjuts.exe
%TEMP%\winkcegs.exe
%TEMP%\nwlukn.exe
%TEMP%\winnworl.exe
<DRIVERS>\gtmkv.sys
%TEMP%\jdcdj.exe
Sets the 'hidden' attribute to the following files:
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\drdwhh.exe
C:\autorun.inf
C:\twruf.exe
Deletes the following files:
%TEMP%\mimcay.exe
%TEMP%\windbqtl.exe
%TEMP%\winnworl.exe
%TEMP%\winndjv.exe
%TEMP%\dslotv.exe
%TEMP%\winkbms.exe
%TEMP%\windkftnl.exe
%TEMP%\winkcegs.exe
%TEMP%\winvnjuts.exe
%TEMP%\nwlukn.exe
%TEMP%\jdcdj.exe
<DRIVERS>\gtmkv.sys
Network activity:
Connects to:
'46.##5.103.219':80
'pa###p.com.ds':80
TCP:
HTTP GET requests:
46.##5.103.219/sobakavolos.gif?76###########
pa###p.com.ds/sobaka1.gif?75###########
UDP:
DNS ASK pa###p.com.ds
'85.##4.47.139':6953
'94.##6.162.132':4294
'1.###.138.163':5141
'12#.#7.76.102':6740
'17#.#23.133.97':5905
'49.##7.184.0':6260
'92.##.214.217':6822
'18#.#4.11.190':4477
'11#.#63.246.13':7456
'86.##5.92.172':5020
'84.##2.248.226':5610
'18#.#21.232.187':8030
'95.#6.12.9':6910
'19#.#01.193.50':6580
'12#.#69.199.186':6822
'1.##.99.246':6882
'20#.#11.244.180':6590
'13#.#92.28.175':5415
'11#.#3.209.170':5620
'27.#.56.158':5506
'59.##2.90.21':6274
'77.##.226.48':5951
'41.##7.220.211':6228
'20#.#62.6.154':6228
'89.##.28.145':4505
'12#.#36.66.77':4996
'21#.#0.10.187':6704
'20#.#82.70.74':4804
'17#.#13.58.84':5141
'11#.#3.252.34':8032
'20#.#1.24.61':5164
'77.##.227.26':4343
'22#.#01.152.222':8116
'58.##6.123.77':6065
'37.##7.2.104':4579
'12#.#9.102.88':5610
'89.##3.156.128':5380
'60.##9.33.106':5405
'18#.#12.137.85':5240
'89.##.239.206':6260
'10#.#47.103.136':4539
'49.##4.215.233':4900
'11#.#48.25.156':6442
'20#.#77.156.229':4343
'13#.#49.11.228':5415
'5.##.197.254':5300
'41.##1.233.51':6636
'12#.#9.102.85':7620
'18#.#9.62.194':5540
'77.##.236.110':6856
'18#.#.71.138':7866
'20#.#03.240.250':6208
'13#.#92.25.106':5372
'10#.51.97.0':6028
'18#.#0.223.47':8091
'64.##4.98.137':4310
'89.#3.14.40':3412
'62.##8.71.162':6650
'17#.#31.254.183':9674
'20#.#77.39.91':5951
'27.#1.3.116':5884
'10#.#1.97.244':5415
'13#.#92.86.188':7990
'18#.#54.203.57':6130
'13#.#95.4.109':7220
'11#.#90.240.60':6964
'89.##.41.228':4375
'86.##2.110.65':6065
'19#.#55.50.162':7379
'1.#.1.139':6228
'20#.#04.237.224':4936
'11#.#63.246.18':5210
'12#.9.38.86':9674
'17#.#3.201.155':6028
'11#.#41.191.207':7866
'86.##1.133.253':6420
'18#.#36.212.118':7360
'12#.#75.36.168':7948
'18#.224.9.8':5218
'20#.#23.217.36':11010
'87.##1.31.79':5107
'19#.#6.127.169':5805
'20#.#08.96.135':6166
'31.##.224.38':5740
'11#.#4.91.21':4510
'46.##4.146.172':7538
'91.##4.82.107':9674
'85.##6.62.109':6704
'92.##.84.109':1473
'20#.#0.57.62':5517
'24#.#2.113.228':5517
'83.##.19.124':5517
'86.##3.176.84':5517
'10#.#2.38.78':5517
'85.#5.85.85':5517
'48.#.73.23':5517
'37.##.182.68':5517
'16#.#.101.249':5517
'21#.#0.126.141':5630
'20#.#5.100.171':6820
'92.##.84.199':1473
'94.##.206.19':1473
'18#.#8.58.176':8040
'89.##9.236.171':5517
'77.##2.85.173':4956
'81.##0.94.112':6724
'62.##.100.157':4516
'17#.#9.91.121':6455
'12#.#3.168.139':3510
'11#.#2.184.146':5029
'94.##6.132.230':7140
'46.##.110.15':4544
'18#.#.157.35':7866
'15#.#37.116.11':4492
'19#.#7.247.164':6511
'86.##1.161.117':6535
'18#.#2.158.25':7866
'20#.#2.176.224':5140
'89.#7.63.12':6688
'20#.#3.53.194':7866
'18#.#08.176.7':6130
'13#.#95.76.180':5650
'12#.#38.178.189':4510
'12#.#38.180.155':6286
'19#.#75.86.5':6420
'20#.#08.197.227':6718
'16#.#00.94.217':5616
'20#.#13.137.232':8020
'89.##.169.72':4180
'21#.#04.207.164':5888
'18#.#2.132.131':6820
'20#.#60.55.45':4660
'12#.#36.245.204':8030
'13#.#.185.117':5421
'19#.#04.209.39':9674
'79.##9.230.17':6228
'19#.#99.205.131':4343
'13#.#.124.237':6390
'20#.#2.112.130':5176
'17#.80.7.21':5044
'17#.#56.160.186':5415
Miscellaneous:
Searches for the following windows:
ClassName: 'Shell_TrayWnd' WindowName: '(null)'