Avira Virus Lab

TR/Dropper.Gen

  • Name
    TR/Dropper.Gen
  • Discovered
    21 Jul 2016
  • Type
    Malware
  • Impact
    Medium level
  • Reported infections
    Medium level
  • Operating system
    Windows

The prefix 'TR' denotes a trojan that is able to harvest personal data, violate the user's privacy and make unwanted changes to the system.

A generic detection routine designed to identify characteristics shared by the different variants of the same malware family. This special routine was developed to detect unknown variants and will be continuously enhanced.

  • Processes
    • %APPDATA%\Roaming\Images\image.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %executed_sample_name%.exe
  • Files
    The following files were created:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %TEMPDIR%\nsgB9CD.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\NsCpuCNMiner32.exe
    • %APPDATA%\Roaming\Images\NsCpuCNMiner64.exe
    • %APPDATA%\Roaming\Images\NsGpuCNMiner.exe
    • %APPDATA%\Roaming\Images\Data.bin
    • %APPDATA%\Roaming\Images\pools.txt
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\image.lnk
    • %APPDATA%\Roaming\Images\temp.txt
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files were modified:
    • %temporary_internet_files%\Content.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\Cookies\index.dat
    • %APPDATA%\Local\Microsoft\Windows\History\History.IE5\index.dat
    • %APPDATA%\Roaming\Microsoft\Windows\IETldCache\index.dat
    • %TEMPDIR%\nseCC11.tmp\inetc.dll
    • %APPDATA%\Roaming\Images\image.exe
    The following files were deleted:
    • %TEMPDIR%\nsr7619.tmp
    • %TEMPDIR%\nsg7629.tmp
    • %TEMPDIR%\nsg7629.tmp\inetc.dll
    • C:\xrdmnsxx\temp.txt
    • %TEMPDIR%\nsrB9BD.tmp
    • %TEMPDIR%\nsgB9CD.tmp
    • %APPDATA%\Roaming\Images\tmp.ini
    • %APPDATA%\Roaming\Images\temp.txt
    • %APPDATA%\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    The following copies of the same file were created:
    • %APPDATA%\Roaming\Images\image.exe
    • C:\images.scr
    • E:\images.scr
    The following drivers were loaded:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
    The following files are executed:
    • %SYSDIR%\shdocvw.dll
    • %WINDIR%\Globalization\Sorting\sortdefault.nls
    • %APPDATA%\Local\Microsoft\Windows\Caches\cversions.1.db
    • %ALLUSERSPATH%\desktop.ini
    • %USERPATH%\Desktop\desktop.ini
    • %USERPATH%\Searches\desktop.ini
    • %USERPATH%\Videos\desktop.ini
    • %USERPATH%\Pictures\desktop.ini
    • %USERPATH%\Contacts\desktop.ini
    • %USERPATH%\Favorites\desktop.ini
    • %USERPATH%\Music\desktop.ini
    • %USERPATH%\Downloads\desktop.ini
    • %USERPATH%\Documents\desktop.ini
    • %USERPATH%\Links\desktop.ini
    • %USERPATH%\Saved Games\desktop.ini
    • %WINDIR%\AppPatch\sysmain.sdb
    • %SYSDIR%\en-US\shdocvw.dll.mui
    • %TEMPDIR%\nse7380.tmp
    • %TEMPDIR%\%executed_sample%
    • %TEMPDIR%\nseCC11.tmp
    • %TEMPDIR%\temp.txt
    • C:\
    • %WINDIR%\SysWOW64\en-US\SHELL32.dll.mui
    • %APPDATA%\Roaming\Images\image.exe
  • Registry
    The following registry entries are added:
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\%executed_sample_name%_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
    • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34}\00-23-7d-29-a4-a9
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASAPI32
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\image_RASMANCS
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The following registry entries are changed:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\%executed_sample_name%_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAAB8AAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAADAs5VCEA3RAQAAAAAAAAAAAAAAAAIA AAAXAAAAAAAAAP6AAAAAAAAA5aw1NW8R55ELAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqHQEAAAAAAAAAAAADUgAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") ("DefaultConnectionSettings": "RgAAAAQAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{58BF48AF-81A4-472D-9931-7D3DA8432D34} ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000") ("WpadNetworkName": "Network 2")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-23-7d-29-a4-a9 ("WpadDecisionReason": "0x01000000") ("WpadDecisionTime": "8Pvcj+J11AE=") ("WpadDecision": "0x03000000")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadLastNetwork": "{58BF48AF-81A4-472D-9931-7D3DA8432D34}")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASAPI32 ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\image_RASMANCS ("EnableFileTracing": "0x00000000") ("EnableConsoleTracing": "0x00000000") ("FileTracingMask": "0x0000FFFF") ("ConsoleTracingMask": "0x0000FFFF") ("MaxFileSize": "0x00001000") ("FileDirectory": "%windir%\tracing")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": "RgAAACAAAAAJAAAAAAAAAAAAAAAAAAAABAAAAAAAAABAAr6P4nXUAQAAAAAAAAAAAAAAAAMA AAAXAAAAAAAAAP6AAAAAAAAAPI88tD9Xo3oNAAAAHAAAAAAAAAAAAAAAAAAAAAAgAAAAIAAA ABAAAAEAAADtAwAACQYCAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAD/////wLDq+dQm0BG7vwCqAGw05AIAAADAqFyFAAAAAAAAAAAY0iEAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAAAAAAAgAQAA PorvLTyPPLQ/V6N6AAAAAEzSIQBM0iEAAAAAAAAAAAAAAAAAJQAAJfHyAABQ1iEAgHUhAAAA AAAAAAAAAAAAAAoAAAAAAAAAqNAhAJDTIQAAAAAAAgAAAAAAAGAAAAAgHAMAAODRIQACAAAA 9AIAABwDAAA=")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Coin": "%APPDATA%\Roaming\Images\image.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "3")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "Iº4TÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad ("WpadExpirationDays": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadNetworkName": "Network")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionReason": "1")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecisionTime": "ò¦ûâuÔ")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDecision": "0")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7}\0a-00-27-00-00-00
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDhcp": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDns": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
    The values of the following registry keys are removed:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ("ProxyEnable": "0x00000000") ("ProxyServer": "") ("ProxyOverride": "") ("AutoConfigURL": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "") ("UNCAsIntranet": "0x00000000") ("AutoDetect": "0x01000000")
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap ("ProxyBypass": "") ("IntranetName": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CEB9F6DE-E816-4DBD-B613-4897B9C716D7} ("WpadDetectedUrl": "")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00 ("WpadDetectedUrl": "")
  • Aliases
    Avast: Win32:Malware-gen
    Dr. Web: Trojan.BtcMine.688
    ESET: NSIS/CoinMiner.P trojan
    G Data: Trojan.AgentWDCR.ERF
    Kaspersky Lab: HEUR:Trojan.NSIS.BitMin.gen
    Microsoft: Trojan:Win32/CoinMiner!bit
