11.09.2012, 05:54
Malware info:
SHA256: fccb4532dd88bbe1282feed12b4c21a9468c7bf3a4d0bcea9351b18d468561bd
SHA1: b18bd765a9b4b2e2207276213cabb53eaa386c32
MD5: a1d291755f20581f9c3a6f64fa1364c2
File size: 23.0 KB (23552 bytes)
VT info (24/26)
Changes in the system:
- Registry Key:
HKLM\System\CurrentControlSet\Services\DNS Server\ImagePath: "%SysDir%\akserver.exe"
HKLM\System\CurrentControlSet\Services\DNS Server\DisplayName: "AK DNS"
HKLM\System\CurrentControlSet\Services\DNS Server\Description: "I??E??Ea»u?aIo?I»??aOoAuIµI?"
HKLM\System\CurrentControlSet\Services\Ngginx-Service\ImagePath: "%SysDir%\Systemxje.exe"
HKLM\System\CurrentControlSet\Services\Ngginx-Service\DisplayName: "Ngignx Web Service"
HKLM\System\CurrentControlSet\Services\Ngginx-Service\Description: "Sppeed up your web Service.Microsoft @Copyright"
- Files:
%Temp%\patch.bat
%SysDir%\akserver.exe [VTInfo 36/42]
%SysDir%\Systemxje.exe