Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Virus:TR/Mediyes.EB.1
Date discovered:24/04/2012
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:289280 Bytes
MD5 checksum:130ca53bb6f270a54cab5db7545b8c50
VDF version:7.11.28.140 - Tuesday, April 24, 2012
IVDF version:7.11.28.140 - Tuesday, April 24, 2012

 General Method of propagation:
   • No own spreading routine


Alias:
   •  Grisoft: Mediyes.A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
    Can be used to execute malicious code
    Can be used to modify system settings that allow or augment potential malware behaviour.

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • http://www.**********.com/u13/**********.html
   • http://blog.**********.com/envoy_0769@yeah/


Event handler:
It creates the following Event handlers:
   • IoCreateSymbolicLink
   • IoDriverObjectType
   • GetAsyncKeyState
   • GetDesktopWindow
   • GetStartupInfoA
   • DeviceIoControl
   • LoadResource
   • LockResource
   • keybd_event
   • mouse_event
   • OpenProcess


String:
Furthermore it contains the following strings:
   • launchcrossfire.exe
   • DosDevices\BackInCKB
   • DosDevices\BackInCMU
   • DosDevices\BackInCKB
   • built by: WinDDK
   • Driver\Mouclass
   • Driver\Kbdclass
   • Driver\i8042prt
   • Driver\Mouhid
   • Driver\Kbdhid
   • crossfire.exe
   • BackInC.sys
   • 360tray.exe
   • qqlogin.exe


Trusted file pretending:
Its process pretends to be the following trusted process: wssl.dll

 File details Programming language:
The malware program was written in MS Visual C++.

Description insérée par Wensin Lee le jeudi 26 avril 2012
Description mise à jour par Wensin Lee le jeudi 26 avril 2012

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.