Virus: TR/Drop.Dapato.daqx.1
Date discovered: 24/08/2013
Type: Trojan
Subtype: Dropper
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 116.224 Bytes
MD5 checksum: 3ecf858ffd7838e119df1f0fd820e434
VDF version: 7.11.98.10 - Saturday, August 24, 2013
IVDF version: 7.11.98.10 - Saturday, August 24, 2013

General
Method of propagation:
   • No own spreading routine


Aliases:
   • Kaspersky: Trojan-Dropper.Win32.Dapato.daqx
   • Sophos: Mal/Generic-S
   • Microsoft: Trojan:Win32/Napolar.A
   • AVG: Dropper.Generic8.BTRR
   • Eset: Win32/Agent.VAE trojan
   • GData: Trojan.Agent.BAEK
   • DrWeb: Trojan.PWS.Panda.4784


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to execute malicious code
   • Downloads a malicious file

Files
It copies itself to the following location:
   • %userprofile%\Start Menu\Programs\Startup\lsass.exe




It tries to download a file:

The location is the following:
   • www4.0**********0.com/2013/08/25/19/5**********.png

It is saved on the local hard drive under:
   • %userprofile%\Application Data\0003CB21.exe

Furthermore, this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too. Detected as: TR/Crypt.ZPACK.Gen8

Registry
The following registry key is added:

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "ParseAutoexec"="1"

Miscellaneous
Internet connection:
In order to check for its internet connection, the following DNS server is contacted:
   • www.**********25.com/
Accesses internet resources:
   • vcx.a**********k.com/PoM.php
   • www4.0**********0.com/2013/08/25/19/541584649.png

File details
Programming language:
The malware program was written in Delphi.
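The file, registry and hash indicators listed above can be turned into a simple host-side check. The script below is an added example and is not Avira's tooling or the page's own code: it matches records from a file-system sweep and a registry dump (here constructed inline as sample data, not taken from the page) against the Startup-folder copy, the dropped `0003CB21.exe`, the dropper MD5 and the Winlogon `ParseAutoexec` value. The masked download URLs are deliberately left out because the page elides them. It also goes one step beyond the page with a heuristic that flags any `lsass.exe` outside `%systemroot%\system32`, the only place the legitimate binary lives; the helper names, the `%systemroot%` folding and the sample paths are assumptions of this example.

```python
import ntpath

# Indicators as listed in the description above. The masked download URLs
# are left out because the page elides them.
DROPPER_MD5 = "3ecf858ffd7838e119df1f0fd820e434"
IOC_FILE_PATHS = {
    r"%userprofile%\start menu\programs\startup\lsass.exe":
        "copy of the dropper in the Startup folder",
    r"%userprofile%\application data\0003cb21.exe":
        "downloaded second stage (TR/Crypt.ZPACK.Gen8)",
}
IOC_REGISTRY = (
    r"hku\.default\software\microsoft\windows nt\currentversion\winlogon",
    "parseautoexec",
    "1",
)
# Assumption beyond the page: the genuine lsass.exe lives only here.
LEGIT_LSASS = r"%systemroot%\system32\lsass.exe"


def normalize_path(path, user_profile, system_root):
    """Lower-case the path, use backslashes, and fold the concrete profile and
    Windows directories back to the %userprofile% / %systemroot% form used in
    the description so that paths can be compared literally."""
    p = path.replace("/", "\\").lower()
    for prefix, var in ((user_profile, "%userprofile%"), (system_root, "%systemroot%")):
        prefix = prefix.replace("/", "\\").lower().rstrip("\\")
        if p.startswith(prefix + "\\"):
            return var + p[len(prefix):]
    return p


def check_files(file_records, user_profile, system_root):
    """file_records: (path, md5) pairs from a file-system sweep. Returns
    (path, reason) pairs for every record that matches an indicator."""
    hits = []
    for path, md5 in file_records:
        norm = normalize_path(path, user_profile, system_root)
        if norm in IOC_FILE_PATHS:
            hits.append((path, IOC_FILE_PATHS[norm]))
        elif md5 and md5.lower() == DROPPER_MD5:
            hits.append((path, "content matches the dropper MD5"))
        elif ntpath.basename(norm) == "lsass.exe" and norm != LEGIT_LSASS:
            # Heuristic beyond the page: an lsass.exe anywhere other than
            # System32 is worth a look even if the hash is unknown.
            hits.append((path, "lsass.exe outside %systemroot%\\system32"))
    return hits


def check_registry(reg_records):
    """reg_records: (key, value_name, data) triples. Returns the records that
    match the Winlogon ParseAutoexec value the dropper adds."""
    key, name, data = IOC_REGISTRY
    return [
        (k, n, d) for k, n, d in reg_records
        if k.replace("/", "\\").lower().rstrip("\\") == key
        and n.lower() == name and str(d) == data
    ]


# Constructed sample sweep (not data from the page); XP-style profile paths
# because that is the layout the description uses.
SAMPLE_PROFILE = r"C:\Documents and Settings\alice"
SAMPLE_SYSROOT = r"C:\WINDOWS"
SAMPLE_FILES = [
    (r"C:\WINDOWS\system32\lsass.exe", "0123456789abcdef0123456789abcdef"),  # legitimate, constructed hash
    (r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\lsass.exe", DROPPER_MD5),
    (r"C:\Documents and Settings\alice\Application Data\0003CB21.exe", "ffffffffffffffffffffffffffffffff"),
    (r"C:\Documents and Settings\alice\Desktop\notes.txt", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
    (r"C:\temp\dropper_copy.bin", DROPPER_MD5),  # same content under another name
    (r"C:\temp\lsass.exe", "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"),  # caught by the heuristic only
]
SAMPLE_REGISTRY = [
    (r"HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "ParseAutoexec", "1"),
    (r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "explorer.exe"),
]


def run_sample():
    """Run both checks over the constructed sample and return (file_hits, registry_hits)."""
    return (check_files(SAMPLE_FILES, SAMPLE_PROFILE, SAMPLE_SYSROOT),
            check_registry(SAMPLE_REGISTRY))


if __name__ == "__main__":
    for path, reason in run_sample()[0]:
        print("FILE    ", path, "->", reason)
    for key, name, data in run_sample()[1]:
        print("REGISTRY", key, name, "=", data)
```

On a real host the two record lists would come from a forensic sweep or EDR export; the path folding matters because the description gives paths with `%userprofile%`, whereas collected data carries concrete directories. Note that on Vista and later the profile layout differs (`Application Data` becomes `AppData\Roaming`), so the literal path indicators only apply to the XP-style layout shown in the description, while the MD5 and registry checks are layout-independent.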

Description inserted by Soe-liang Tan on Monday, August 26, 2013
Description updated by Soe-liang Tan on Monday, August 26, 2013
