DR/Comet.C - Dropper

In alte limbi

Scurta descriere

Descriere completa

Statistici

Nume:	DR/Comet.C
Descoperit pe data de:	04/07/2006
Tip:	Dropper
ITW:	Nu
Numar infectii raportate:	Scazut
Potential de raspandire:	Scazut
Potential de distrugere:	Scazut spre mediu
Fisier static:	Da
Marime:	117.320 Bytes
MD5:	5d4bafc55c27545a1121ffad220408f3
Versiune VDF:	6.35.00.115
Versiune IVDF:	6.35.00.141

General Metoda de raspandire:
   • Nu are rutina proprie de raspandire

Sistem de operare:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Efecte secundare:
   • Creeaza fisiere malware

Imediat dupa lansarea in executie, pe ecran este afisat:

Fisiere Creeaza urmatoarele directoare:
   • %PROGRAM FILES%\Screensavers.com
   • %PROGRAM FILES%\Screensavers.com\Installer
   • %PROGRAM FILES%\Screensavers.com\Installer\bin

Sunt create fisierele:

– %PROGRAM FILES%\Screensavers.com\Installer\bin\ScreensaversInst.dll Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: ADSPY/Comet.c.1.A

– %PROGRAM FILES%\Screensavers.com\Installer\bin\siuninst.exe Analiza ulterioara a relevat ca si acest fisier este malware. Detectat ca: ADSPY/Comet.M

Registrii sistemului Urmatoarele chei sunt adaugate in registrii sistemului:

– HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
   ScreensaversInstaller
   • "UninstallString"=""%PROGRAM FILES%\Screensavers.com\Installer\bin\siuninst.exe""
   • "DisplayName"="Screensavers Installer"

– HKCR\Interface\{B64C73D7-459E-4816-91F9-1348F8E36984}\TypeLib
   • "Version"="1.0"
   • "(Default)"="{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}"

– HKCR\Interface\{B64C73D7-459E-4816-91F9-1348F8E36984}\
   ProxyStubClsid32
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{B64C73D7-459E-4816-91F9-1348F8E36984}\
   ProxyStubClsid
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{B64C73D7-459E-4816-91F9-1348F8E36984}
   • "(Default)"="IInstaller"

– HKCR\Interface\{883EA659-ED80-46F9-9ED2-83327F67789F}
   • "(Default)"="ISinstaller"

– HKCR\Interface\{760ACA60-79C3-4875-9D19-B14A5B3FEA77}
   • "(Default)"="_ISinstallerEvents"

– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}\1.0\HELPDIR
   • "(Default)"="%PROGRAM FILES%\Screensavers.com\Installer\bin\"

– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}\1.0\0\win32
   • "(Default)"="%PROGRAM FILES%\Screensavers.com\Installer\bin\ScreensaversInst.dll"

– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}\1.0\0
– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}\1.0\FLAGS
   • "(Default)"="0"

– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}\1.0
   • "(Default)"="ScreensaversInstaller 1.0 Type Library"

– HKCR\TypeLib\{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}]
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\
   Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\
   Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\
   Implemented Categories
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\TypeLib
   • "(Default)"="{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}"

– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\Programmable
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\
   VersionIndependentProgID
   • "(Default)"="ScreensaversInstaller.Installer"

– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\ProgID
   • "(Default)"="ScreensaversInstaller.Installer.1"

– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}
   • "(Default)"="Installer Class"

– HKCR\ScreensaversInstaller.Installer\CurVer
   • "(Default)"="ScreensaversInstaller.Installer.1"

– HKCR\ScreensaversInstaller.Installer\CLSID
   • "(Default)"="{722D2939-A14A-41A9-9EAC-AB8F4E295819}"

– HKCR\ScreensaversInstaller.Installer
   • "(Default)"="Installer Class"

– HKCR\ScreensaversInstaller.Installer.1\CLSID
   • "(Default)"="{722D2939-A14A-41A9-9EAC-AB8F4E295819}"

– HKCR\ScreensaversInstaller.Installer.1
   • "(Default)"="Installer Class"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\
   Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\
   Implemented Categories
– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\TypeLib
   • "(Default)"="{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\
   VersionIndependentProgID
   • "(Default)"="ScreensaversInstaller.Sinstaller"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\ProgID
   • "(Default)"="ScreensaversInstaller.Sinstaller.1"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}]
   • "(Default)"="Sinstaller Class"

– HKCR\ScreensaversInstaller.Sinstaller\CurVer
   • "(Default)"="ScreensaversInstaller.Sinstaller.1"

– HKCR\ScreensaversInstaller.Sinstaller\CLSID
   • "(Default)"="{88D758A3-D33B-45FD-91E3-67749B4057FA}"

– HKCR\ScreensaversInstaller.Sinstaller
   • "(Default)"="Sinstaller Class"

– HKCR\ScreensaversInstaller.Sinstaller.1\CLSID
   • "(Default)"="{88D758A3-D33B-45FD-91E3-67749B4057FA}"

– HKCR\ScreensaversInstaller.Sinstaller.1
   • "(Default)"="Sinstaller Class"

– HKCR\Interface\{883EA659-ED80-46F9-9ED2-83327F67789F}\TypeLib
   • "Version"="1.0"
   • "(Default)"="{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}"

– HKCR\Interface\{883EA659-ED80-46F9-9ED2-83327F67789F}\
   ProxyStubClsid32
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{883EA659-ED80-46F9-9ED2-83327F67789F}\
   ProxyStubClsid
   • "(Default)"="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{760ACA60-79C3-4875-9D19-B14A5B3FEA77}\TypeLib
   • "Version"="1.0"
   • "(Default)"="{0AB5B0D8-2B74-4C1C-8FA4-E52550B8B45B}"

– HKCR\Interface\{760ACA60-79C3-4875-9D19-B14A5B3FEA77}\
   ProxyStubClsid32
   • "(Default)"="{00020420-0000-0000-C000-000000000046}"

– HKCR\Interface\{760ACA60-79C3-4875-9D19-B14A5B3FEA77}\
   ProxyStubClsid
   • "(Default)"="{00020420-0000-0000-C000-000000000046}"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\
   Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\Programmable
– HKCR\CLSID\{722D2939-A14A-41A9-9EAC-AB8F4E295819}\InprocServer32
   • "ThreadingModel"="Apartment"
   • "(Default)"="%PROGRAM FILES%\Screensavers.com\Installer\bin\ScreensaversInst.dll"

– HKCR\CLSID\{88D758A3-D33B-45FD-91E3-67749B4057FA}\InprocServer32
   • "ThreadingModel"="Apartment"
   • "(Default)"="%PROGRAM FILES%\Screensavers.com\Installer\bin\ScreensaversInst.dll"

Detaliile fisierului Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime.

Pentru o descriere scurta click aici.

Descriere introdusa de Marius T. Nicolae la Wed, 02 Aug 2006 11:22 (GMT+1)
Descriere actualizata de Marius T. Nicolae la Tue, 08 Aug 2006 16:01 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back