Avira Virus Search

TR/Dropper.A.40157

  • Name
    TR/Dropper.A.40157
  • Date discovered
    March 1, 2016
  • Type
    Malware
  • Impact
     
  • Reported infections
     
  • Operating system
    Windows
  • VDF version
    7.12.63.108 (2016-02-29 18:38)

The prefix "TR" denotes a Trojan: a program that can spy on data, violate your privacy or make unwanted modifications to the system.

  • VDF
    7.12.63.108 (2016-02-29 18:38)
  • Aliases
    AVG: Crypt_r.BDP
    G Data: Gen:Variant.Application.Graftor.273204
    Bitdefender: Gen:Variant.Application.Graftor.273204
  • Files
    Creates the following files:
    • %temporary internet files%\Content.IE5\QH9ZEEV0\index[1].htm
    • %temporary internet files%\Content.IE5\LV2JIAKP\main[1].css
    • %temporary internet files%\Content.IE5\LV2JIAKP\amipb[1].js
    • %temporary internet files%\Content.IE5\5KMEPSXE\footer_img[1].png
    • %temporary internet files%\Content.IE5\A9SFWXZG\cancel[1].gif
    • %temporary internet files%\Content.IE5\A9SFWXZG\cancel1[1].gif
    • %temporary internet files%\Content.IE5\QH9ZEEV0\skip[1].gif
    • %temporary internet files%\Content.IE5\QH9ZEEV0\decline[1].gif
    • %temporary internet files%\Content.IE5\5KMEPSXE\next[1].gif
    • %temporary internet files%\Content.IE5\5KMEPSXE\accept[1].gif
    • %TEMPDIR%\sample.exe:typelib
    • %USERPROFILE%\Desktop\Continue installation .lnk
    • %TEMPDIR%\amipixel.cfg
    • %temporary internet files%\Content.IE5\LV2JIAKP\finish[1].gif
    • %temporary internet files%\Content.IE5\A9SFWXZG\dm_left_image[1].png
    • %temporary internet files%\Content.IE5\QH9ZEEV0\logo[2].png
    Creates the following copy of itself:
    • %TEMPDIR%\sample.exe
  • Registry
    Adds the following registry keys:
    • [HKEY_CLASSES_ROOT\moaners.sign.1] @ = "Inst Class"
    • [HKEY_CLASSES_ROOT\moaners.sign.1\CLSID] @ = "{bb4763a7-dd60-4632-ae31-c015cd326a15}"
    • [HKEY_CLASSES_ROOT\moaners.sign] @ = "Inst Class"
    • [HKEY_CLASSES_ROOT\moaners.sign\CurVer] @ = "moaners.sign.1"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}] @ = "Inst Class"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}\ProgID] @ = "moaners.sign.1"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}\VersionIndependentProgID] @ = "moaners.sign"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}\LocalServer32] @ = ""%FILE_PATH%"" "ServerExecutable" = "%FILE_PATH%"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}\TypeLib] @ = "{b1597410-d593-4cb8-8675-a5b7d7f40c4f}"
    • [HKEY_CLASSES_ROOT\CLSID\{bb4763a7-dd60-4632-ae31-c015cd326a15}\Version] @ = "1.0"
    • [HKEY_CLASSES_ROOT\TypeLib\{B1597410-D593-4CB8-8675-A5B7D7F40C4F}\1.0] @ = "InstallerLib"
    • [HKEY_CLASSES_ROOT\TypeLib\{B1597410-D593-4CB8-8675-A5B7D7F40C4F}\1.0\FLAGS] @ = "0"
    • [HKEY_CLASSES_ROOT\TypeLib\{B1597410-D593-4CB8-8675-A5B7D7F40C4F}\1.0\0\win32] @ = "%FILE_PATH%:typelib"
    • [HKEY_CLASSES_ROOT\TypeLib\{B1597410-D593-4CB8-8675-A5B7D7F40C4F}\1.0\HELPDIR] @ = "%DISKDRIVE%\xxx"
    • [HKEY_CLASSES_ROOT\Interface\{19BAFA4A-F918-4D87-B0C8-71E00955623F}] @ = "IBoot"
    • [HKEY_CLASSES_ROOT\Interface\{19BAFA4A-F918-4D87-B0C8-71E00955623F}\ProxyStubClsid] @ = "{00020424-0000-0000-C000-000000000046}"
    • [HKEY_CLASSES_ROOT\Interface\{19BAFA4A-F918-4D87-B0C8-71E00955623F}\ProxyStubClsid32] @ = "{00020424-0000-0000-C000-000000000046}"
    • [HKEY_CLASSES_ROOT\Interface\{19BAFA4A-F918-4D87-B0C8-71E00955623F}\TypeLib] @ = "{B1597410-D593-4CB8-8675-A5B7D7F40C4F}" "Version" = "1.0"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier] "Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa" "BitNames" = " Error Unusual Info Debug"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier] "Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa" "BitNames" = " Error Unusual Info Debug"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier] "Guid" = "8aefce96-4618-42ff-a057-3536aa78233e" "BitNames" = " Error Unusual Info Debug"
    Modifies the following registry keys:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG] "Trace Level" = ""
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] "EventMessageFile" = "%SYSDIR%\ESENT.dll" "CategoryMessageFile" = "%SYSDIR%\ESENT.dll" "CategoryCount" = dword:00000010 "TypesSupported" = dword:00000007
  • HTTP requests
    • www.*****oad-way.com/index.php
    • www.*****oad-way.com/finalize.php
    • www.*****oad-way.com/Html/ae700b56-ce32-47fe-970f-652f4f1c7837/%appimageurl%
    • www.*****oad-way.com/Html/e342a2ff-c947-4dae-ac5d-f6d9119cb89f/logo.png
