TR/BitCoinMiner.ME.1

Zusammenfassung

Name

TR/BitCoinMiner.ME.1
Entdeckt am

09.12.2017
VDF Version

7.14.37.152 (2017-12-09 09:16)

Vollständige Beschreibung

Bei der Bezeichnung 'TR' handelt es sich um ein Trojanisches Pferd, dass in der Lage ist, ihre Daten auszuspähen, Ihre Privatsphäre zu verletzen und nicht erwünschte Änderungen am System vornehmen kann.

VDF

7.14.37.152 (2017-12-09 09:16)
Netzwerkaktivität

Array
Prozesse

Array
Dateien
Die folgenden Dateien werden erstellt:
- %TEMPDIR%\cudart32_65.dll
- %WINDIR%\debug\lsmose.exe
Die folgenden Dateien werden geändert:
- %TEMPDIR%\cudart32_65.dll
- %WINDIR%\debug\lsmose.exe
Die folgenden Treiber werden geladen:
- %WINDIR%\Globalization\Sorting\sortdefault.nls
- %TEMPDIR%\%executed_sample%
- \??\C:
- %TEMPDIR%\80EB2F5C
- %TEMPDIR%\cudart32_65.dll
- %WINDIR%\debug\lsmose.exe
Die folgenden Dateien werden ausgeführt:
- %WINDIR%\Globalization\Sorting\sortdefault.nls
- %TEMPDIR%\%executed_sample%
- \??\C:
- %TEMPDIR%\80EB2F5C
- %TEMPDIR%\cudart32_65.dll
- %WINDIR%\debug\lsmose.exe
Registry
Folgende Registryeinträge werden hinzugefügt:
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters ("Hostname": "")
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters ("Domain": "")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableConsoleTracing": "0")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("FileTracingMask": "4294901760")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("ConsoleTracingMask": "4294901760")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("MaxFileSize": "1048576")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("FileDirectory": "%windir%\tracing")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ("DefaultConnectionSettings": "<INVALID POINTER>")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ("DefaultConnectionSettings": "F `Lq #3QO! #3QO!8(8(@e0.` `PH 40]b")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecisionReason": "1")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecisionTime": "`Lq")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecision": "3")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadNetworkName": "Network")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "`Lq")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "3")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}")
Folgende Registryeinträge werden geändert:
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters ("Hostname": "")
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters ("Domain": "")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableConsoleTracing": "0")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("FileTracingMask": "4294901760")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("ConsoleTracingMask": "4294901760")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("MaxFileSize": "1048576")
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("FileDirectory": "%windir%\tracing")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ("DefaultConnectionSettings": "<INVALID POINTER>")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ("DefaultConnectionSettings": "F `Lq #3QO! #3QO!8(8(@e0.` `PH 40]b")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecisionReason": "1")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecisionTime": "`Lq")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadDecision": "3")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB} ("WpadNetworkName": "Network")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "`Lq")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "3")
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad\{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{A9C7A8AA-FA05-4B0C-BF08-962D58BC6FFB}")
Alias

Avast: Win32:Malware-gen

Dr. Web: Trojan.BtcMine.1596

ESET: a variant of Win32/Packed.EnigmaProtector.J potentially unwanted application

G Data: Application.BitCoinMiner.XY

Microsoft: Trojan:Win32/Smominru.A

Avira Virenlabor

TR/BitCoinMiner.ME.1