Avira Virus Lab

TR/Dropper.Gen

  • Name
    TR/Dropper.Gen
  • Date discovered
    21 Jul. 2016
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Medium
  • Operating system
    Windows

The prefix "TR" denotes a Trojan horse that is able to spy on your data, violate your privacy and make unwanted changes to the system.

A generic detection routine designed to detect the common characteristics shared by the different variants of a malware family. This generic detection routine was developed to detect variants that are not yet known. It will be improved continuously.

  • Processes
    • %APPDATA%\Roaming\Images\image.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %executed_sample_name%.exe
  • Files
    The following files are created:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %TEMPDIR%\nsgB9CD.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner64.exe
    • %APPDATA%\Roaming\Images\NsGpuCNMiner.exe
    • %APPDATA%\Roaming\Images\Data.bin
    • %APPDATA%\Roaming\Images\pools.txt
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\image.lnk
    • %APPDATA%\Roaming\Images\temp.txt
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files are modified:
    • %temporary_internet_files%\Content.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\Cookies\index.dat
    • %APPDATA%\Local\Microsoft\Windows\History\History.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\IETldCache\index.dat
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files are deleted:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Images\temp.txt
    • %APPDATA%\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    The following copies are created:
    • %APPDATA%\Roaming\Images\image.exe
    • C:\images.scr
    • E:\images.scr
    The following drivers are loaded:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
    The following files are executed:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The following registry entries are modified:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The following registry key values are deleted:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
  • Aliases
    Avast: Win32:Malware-gen
    Dr. Web: Trojan.BtcMine.688
    ESET: NSIS/CoinMiner.P trojan
    G Data: Trojan.AgentWDCR.ERF
    Kaspersky Lab: HEUR:Trojan.NSIS.BitMin.gen
    Microsoft: Trojan:Win32/CoinMiner!bit
