需要修复电脑?
聘请专家
Virus:TR/Spy.Esdino.A
Date discovered:17/10/2012
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:3767656 Bytes
MD5 checksum:7c8909aecc35fb8587dbf1c2f41372b8
VDF version:7.11.46.122 - Wednesday, October 17, 2012
IVDF version:7.11.46.122 - Wednesday, October 17, 2012

 General Method of propagation:
   • No own spreading routine


Alias:
   •  Norman: Aggressive commersial W32/EoRezo.CNZ


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Opens website in web browser

 Files The following files are created:

– Non malicious file:
   • %appdata%\tuto4pc_br_4\tuto4pc_br_4\1.0\conf.cyl

– Temporary files that might be deleted afterwards:
   • %temp%\mfi3.tmp
   • %temp%\gch4.tmp
   • %temp%\mfi5.tmp
   • %temp%\gch6.tmp

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • upd.al**********00001.com
   • com.sucom**********.com


Checks for an internet connection by contacting the following web site:
   • http://www.edest**********.com.br/?utm_source=P23&utm_medium=banner%2Bor%2Btxt&utm_campaign=P23


Event handler:
It creates the following Event handlers:
   • GetKeyState
   • GetAsyncKeyState
   • CopyFile
   • GetWindowDirectory
   • IsProcessorFeaturePresent
   • CreateProcess
   • CreateFile
   • GetDriveType
   • CreateToolhelp32Snapshot


String:
Furthermore it contains the following strings:
   • MAIL FROM:
   • RCPT TO:
   • HELO
   • USER
   • PASS
   • LIST
   • TYPE
   • SYST
   • REST
   • PASV
   • PORT
   • RETR
   • CONNECT
   • NOTICE
   • PART
   • JOIN
   • MODE
   • JOIN
   • PASS
   • USER
   • QUIT

说明添加者: Wensin Lee 打开 2012年10月18日星期四
说明更新者: Wensin Lee 打开 2012年10月18日星期四

反馈 . . . .
https:// 为了你的安全,此窗口已加密。