Date discovered:29/12/2012
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
File size:204.712 Bytes
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Trojan-Dropper.Win32.Injector.gvlp
   •  Sophos: Troj/Zbot-DHN
   •  Bitdefender: Trojan.Agent.AXSY
   •  Avast: Win32:Trojan-gen
   •  Microsoft: Trojan:Win32/Meredrop
   •  Grisoft: Dropper.Generic7.AEHP
   •  Eset: Win32/Kryptik.ARIS
   •  Sunbelt: Trojan.Win32.Generic!BT
   •  GData: Trojan.Agent.AXSY
   •  Norman: Trojan W32/Reveton.AN

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Registry modification

 Files The following file is created:

– Non malicious file:
   • %ALLUSERSPROFILE%\Anwendungsdaten\dsgsdgdsgdsgw_%random numbers%.pad

 Registry The following registry keys are changed:

– HKLM\SYSTEM\ControlSet001\Services\winmgmt\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
   New value:
   • "ServiceDll"="%malware execution directory%\%malware dll%"

– HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
   New value:
   • "ServiceDll"="%malware execution directory%\%malware dll%"

 Miscellaneous Trusted file pretending:
Its process pretends to be the following trusted process: nslookup.exe

説明の挿入者 Martin Muench の 2012年12月30日日曜日
説明の更新者 Martin Muench の 2012年12月30日日曜日

戻る . . . .