Date discovered:10/05/2013
In the wild:Yes
Reported Infections:Medium to high
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:60.416 Bytes
MD5 checksum:57406B9A1FECEC770EC66A36185A3547
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Trojan-Ransom.Win32.Blocker.becg
   •  Microsoft: Trojan:Win32/Bublik.I
   •  Eset: Win32/Kryptik.BAOX

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops a malicious file
   • Registry modification

 Files It copies itself to the following location:
   • %HOME%\Application Data\ie_util.exe

 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "IExplorer Util"="%HOME%\Application Data\ie_util.exe"

The following registry keys are changed:

Various Explorer settings:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\
   %character string%\OpenWithProgids]
   New value:
   • "%character string%"=hex:

 File details Programming language:
The malware program was written in MS Visual C++.

説明の挿入者 Alexander Bauer の 2013年5月11日土曜日
説明の更新者 Alexander Bauer の 2013年5月11日土曜日

戻る . . . .