Date discovered: 03/07/2013
In the wild: No
Reported Infections: Medium
Distribution Potential: Low
Damage Potential: Low
VDF version:
IVDF version:

General

Method of propagation:
   • No own spreading routine

Aliases:
   • AVG: Startpage.TQC
   • Eset: Win32/Vittalia.C
   • DrWeb: Adware.Downware.744

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Registry modification

Right after execution the following information is displayed:

Files

The following files are created:

– Temporary files that might be deleted afterwards:
   • %HOME%\Application Data\temp\c12afondo.bmp.zip
   • %HOME%\Local Settings\Application Data\temp\c12aheader.bmp.zip

– %HOME%\Local Settings\Application Data\temp\2.txt
– %HOME%\Local Settings\Application Data\temp\c12aInstaller.exe (executed after it has been fully created)
– %HOME%\Local Settings\Application Data\temp\c12aInstaller.INI (executed after it has been fully created)

Registry

The following registry keys are added:

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control]
   • "ActiveService"="TapiSrv"

– [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control]
   • "ActiveService"="RasMan"

Miscellaneous

Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • **********stcp.ddbbvt.eu
   • media.comes**********.com
   • d.ad**********.com
   • pf.**********vit.com
   • media.ea**********.com
   • srv15.mars**********.com

Description inserted by Wensin Lee on Friday, July 5, 2013
Description updated by Wensin Lee on Friday, July 5, 2013
