Date discovered:03/07/2013
In the wild:No
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Low
VDF version: - Wednesday, July 3, 2013
IVDF version: - Wednesday, July 3, 2013

 General Method of propagation:
   • No own spreading routine

     AVG: Startpage.TQC
   •  Eset: Win32/Vittalia.C
     DrWeb: Adware.Downware.744

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

Side effects:
   • Registry modification

Right after execution the following information is displayed:

 Files The following files are created:

– Temporary files that might be deleted afterwards:
   • %HOME%\Application Data\temp\c12afondo.bmp.zip
   • %HOME%\Local Settings\Application Data\temp\c12aheader.bmp.zip

%HOME%\Local Settings\Application Data\temp\2.txt
%HOME%\Local Settings\Application Data\temp\c12aInstaller.exe Furthermore it gets executed after it was fully created.
%HOME%\Local Settings\Application Data\temp\c12aInstaller.INI Furthermore it gets executed after it was fully created.

 Registry The following registry keys are added:

   • "ActiveService"="TapiSrv"

   • "ActiveService"="RasMan"

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • **********stcp.ddbbvt.eu
   • media.comes**********.com
   • d.ad**********.com
   • pf.**********vit.com
   • media.ea**********.com
   • srv15.mars**********.com

説明の挿入者 Wensin Lee の 2013年7月5日金曜日
説明の更新者 Wensin Lee の 2013年7月5日金曜日

戻る . . . .
https:// このウィンドウは暗号化されています。