Avira Antivirus Lab

TR/Crypt.ZPACK.220725

  • Name
    TR/Crypt.ZPACK.220725
  • Discovery date
    12 Dec. 2015
  • Type
    Malware
  • Impact
    Medium
  • Reported infections
    Low
  • Operating system
    Windows
  • VDF version
    7.12.34.4 (2015-12-03 17:06)

The 'TR' designation refers to a Trojan horse that is able to spy on your data, violate your privacy and make unwanted changes to the system.

  • Alias
    Avast: Win32:Malware-gen
    AVG: Generic37.MY
    Dr. Web: Trojan.Encoder.3104
    McAfee: PWSZbot-FAOI!FBF1B81263B4
    Trend Micro: Ransom_.7C4A83A9
    Microsoft: Ransom:Win32/Tescrypt!rfn
    G Data: Trojan.GenericKD.2907449
    Kaspersky Lab: Trojan.Win32.Yakes.npyk
    Bitdefender: Trojan.GenericKD.2907449
    ESET: Win32/Filecoder.EM trojan
  • Files
    The following copies are created:
    • %APPDATA%\mceyg-a.exe
    The following files are created:
    • %USERPROFILE%\My Documents\recover_file_uqdsdasyc.txt
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
    The following files are modified:
    • %temporary internet files%\Content.IE5\index.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.js
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %TEMPDIR%\AUCHECK_PARSER.txt
    • %TEMPDIR%\dd_clwireg.txt
    • %TEMPDIR%\dd_depcheckdotnetfx30.txt
    • %TEMPDIR%\dd_depcheck_NETFX20_EXP_35.txt
    • %TEMPDIR%\dd_depcheck_NETFX_EXP_35.txt
    • %TEMPDIR%\dd_dotnetfx20error.txt
    • %TEMPDIR%\dd_dotnetfx20install.txt
    • %TEMPDIR%\dd_dotnetfx35error.txt
    • %TEMPDIR%\dd_dotnetfx35install.txt
    • %TEMPDIR%\dd_dotnetfx3install.txt
    • %TEMPDIR%\dd_dotNetFx40_Full_setup_decompression_log.txt
    • %TEMPDIR%\dd_msxml_retMSI4318.txt
    • %TEMPDIR%\dd_netfx20MSI205C.txt
    • %TEMPDIR%\dd_netfx20UI205C.txt
    • %TEMPDIR%\dd_NET_Framework20_Setup12EF.txt
    The following files are renamed:
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1025.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1028.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1029.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1030.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1031.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1032.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1033.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1035.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1036.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1037.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1038.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1040.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1041.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1042.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1043.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1044.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1045.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1046.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1049.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1053.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.1055.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2052.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.2070.rtf
    • %DISKDRIVE%\67edd601553864307ce739a3c57414fe\eula.3082.rtf
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
    • %DISKDRIVE%\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg
    • %APPDATA%\Adobe\Acrobat\9.0\JavaScripts\glob.settings.js
    • %APPDATA%\Microsoft\Internet Explorer\brndlog.txt
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\prefs.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\sessionstore.js
    • %APPDATA%\Mozilla\Firefox\Profiles\lhn8qbrc.default\urlclassifierkey3.txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@download.mozilla[1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][3].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][2].txt
    • %USERPROFILE%\Cookies\[email protected][1].txt
    • %USERPROFILE%\Cookies\biluta@www.bing[1].txt
    • %USERPROFILE%\Cookies\biluta@www.mozilla[1].txt
    • %USERPROFILE%\Cookies\biluta@www.msn[1].txt
    • %TEMPDIR%\AUCHECK_PARSER.txt
    • %TEMPDIR%\dd_clwireg.txt
    • %TEMPDIR%\dd_depcheckdotnetfx30.txt
    • %TEMPDIR%\dd_depcheck_NETFX20_EXP_35.txt
    • %TEMPDIR%\dd_depcheck_NETFX_EXP_35.txt
    • %TEMPDIR%\dd_dotnetfx20error.txt
    • %TEMPDIR%\dd_dotnetfx20install.txt
    • %TEMPDIR%\dd_dotnetfx35error.txt
    • %TEMPDIR%\dd_dotnetfx35install.txt
    • %TEMPDIR%\dd_dotnetfx3install.txt
    • %TEMPDIR%\dd_dotNetFx40_Full_setup_decompression_log.txt
    • %TEMPDIR%\dd_msxml_retMSI4318.txt
    • %TEMPDIR%\dd_netfx20MSI205C.txt
    • %TEMPDIR%\dd_netfx20UI205C.txt
    • %TEMPDIR%\dd_NET_Framework20_Setup12EF.txt
    The following files are deleted:
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA0PS4IJ.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CAOLUVUF.htm
    • %temporary internet files%\Content.IE5\QH9ZEEV0\CA39NXCZ.htm
  • Injections
    • %APPDATA%\mceyg-a.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\zsys ("ID": %hex values%)
    • HKEY_CURRENT_USER\Software\A45825718410E168 ("data": %hex values%)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Acronis": "%APPDATA%\mceyg-a.exe")
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
  • HTTP requests
    • myexternalip.*****com/raw
    • regiefernando.*****ages/slideshow/sysmisc.php
    • regiefernando.*****i-sys/suspendedpage.cgi
    • schriebershof.*****p/misc.php
    • apotheke-stiepel.*****mp/misc.php
    • woodenden.*****ysmisc.php?D123FB3FDBE6D719F0F7EA27237BFCA4D7608843743A606142A0C1A2CC5BD00F67CFFC27044025B19732C2A3406AB5715A98D5C9E047AB6F13253AAE0344640DA7177B3605D14303A952208703A01F82CC6AC501BEFE4982046B85F0FD35B98C59AEBB15C5E67DEC122D093E0168C3DC9C686822324FDBF46EB482D0BCC1D4A37B4AC4FEE4F13A07FA50977E07EB6187EB0ECE1FE66F83257A897C4DD4B751D61AA713EA0196CB955DBBCCD53857027A14E97032B0E71D632443AC6F36643886B2B30A02B937B15B1F37E55B7516E6501BCD619D89E0F1B6A24CE42FD4C66AD850EB32DA42199954F741CDC210EA559C749455560A27B46B0B202D29B6742BCB3A7BE8812CACB4DBA7A1C0EFC98E6F214D90342855A56B8F57BDE6C1B140F2DC070096C1A2C24EE39310497D9B1DED7B4D9A51D224F3AF594D9133FCF447DC3D8359573BEE7E6AAC02CAAC9F2C59D125BD8BF2D20027D0EBC38B8D2CFD58F1C2
