Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Date discovered:23/03/2010
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:42.050 Bytes
MD5 checksum:63c25b44951de483ad5b566c8c89be2c
VDF version:
IVDF version: - Tuesday, March 23, 2010

 General Aliases:
   •  Kaspersky: Backdoor.Win32.IRCBot.suz
   •  F-Secure: Backdoor.Win32.IRCBot.suz
   •  Bitdefender: Trojan.Generic.5905157
     GData: Trojan.Generic.5905157
     DrWeb: Trojan.Packed.21565

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Third party control
   • Drops malicious files
   • Registry modification

 Files It copies itself to the following location:
   • %recycle bin%\R-1-5-21-1482476501-1644491937-682003330-1013\vcleaner.exe

The following file is created:

%recycle bin%\R-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

 Registry The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Taskman"="%recycle bin%\R-1-5-21-1482476501-1644491937-682003330-1013\vcleaner.exe"

 IRC To deliver system information and to provide remote control it connects to the following IRC Server:

Server: hubs.ish**********.com
Port: 1110

 Injection It injects itself as a remote thread into a process.

    Process name:
   • explorer.exe

 Miscellaneous Mutex:
It creates the following Mutex:
   • fsmgr

 File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description insérée par Petre Galan le vendredi 3 juin 2011
Description mise à jour par Petre Galan le vendredi 3 juin 2011

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.