Du brauchst Hilfe? Frage die Community oder wende dich an einen Experten.
Zu Avira Answers
Date discovered:24/08/2013
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:116.224 Bytes
MD5 checksum:3ecf858ffd7838e119df1f0fd820e434
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Trojan-Dropper.Win32.Dapato.daqx
   •  Sophos: Mal/Generic-S
   •  Microsoft: Trojan:Win32/Napolar.A
   •  AVG: Dropper.Generic8.BTRR
   •  Eset: Win32/Agent.VAE trojan
   •  GData: Trojan.Agent.BAEK
   •  DrWeb: Trojan.PWS.Panda.4784

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Can be used to execute malicious code
   • Downloads a malicious file

 Files It copies itself to the following location:
   • %userprofile%\Start Menu\Programs\Startup\lsass.exe

It tries to download a file:

– The location is the following:
   • www4.0**********0.com/2013/08/25/19/5**********.png
It is saved on the local hard drive under: %userprofile%\Application Data\0003CB21.exe Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too. Detected as: TR/Crypt.ZPACK.Gen8

 Registry The following registry key is added:

– [HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\
   • "ParseAutoexec"="1"

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • www.**********25.com/
Accesses internet resources:
   • vcx.a**********k.com/PoM.php
   • www4.0**********0.com/2013/08/25/19/541584649.png

 File details Programming language:
The malware program was written in Delphi.

Die Beschreibung wurde erstellt von Soe-liang Tan am Montag, 26. August 2013
Die Beschreibung wurde geändert von Soe-liang Tan am Montag, 26. August 2013

zurück . . . .