Trojan.DownLoader33.1037

Technical Information

Modifies file system

Creates the following files

<Current directory>\d.cab
<Current directory>\$dpx$.tmp\73a338d1184f3c489f47c646c54ba045.tmp
<Current directory>\$dpx$.tmp\d5ac12959444a14ba0faf3c985ff5ea5.tmp
<Current directory>\$dpx$.tmp\fabda4bd22b8344b8c238d61a5a0ede4.tmp
<Current directory>\$dpx$.tmp\1242493fc8de63408a9569c99b35d1c4.tmp
<Current directory>\$dpx$.tmp\b2482174f9d60641b2f8025d39deb984.tmp
<Current directory>\$dpx$.tmp\19874eccb05f864ead5228755d139702.tmp
<Current directory>\$dpx$.tmp\188c61717213e6428f988eb62d547a98.tmp
<Current directory>\$dpx$.tmp\d2576ef8931e264488c280efa25bf95a.tmp
<Current directory>\$dpx$.tmp\cafa91c2d918d140886679703df6e3c8.tmp
<Current directory>\$dpx$.tmp\aaca6710a5650f48b11c07bdd6b3b4c6.tmp
<Current directory>\$dpx$.tmp\7382f5608d6b364ea04d66fcf7d921de.tmp
<Current directory>\$dpx$.tmp\d46ef4bb07e3684493ba540f986db0e3.tmp
<Current directory>\$dpx$.tmp\0710e0cf29e231458c95e30799b05bbc.tmp
<Current directory>\$dpx$.tmp\bdd4a88257cf1a408828f15b652680ed.tmp
<Current directory>\$dpx$.tmp\b3d41682570ef54ab6e5dea60c8bf0b4.tmp
<Current directory>\$dpx$.tmp\8a2193c0deeee444b0be81476c95985e.tmp
<Current directory>\$dpx$.tmp\6478ae24de144744a5a4919cf4d4bc28.tmp
<Current directory>\$dpx$.tmp\998f08caf6a406498947599ee7cf61ef.tmp
<Current directory>\$dpx$.tmp\15eb0169d6667942b17cca6e067b1f83.tmp
<Current directory>\$dpx$.tmp\76c0842400df144094abaf817a0b2d19.tmp
<Current directory>\$dpx$.tmp\9cac835f616b364c9506bbe2d9575802.tmp
<Current directory>\$dpx$.tmp\1e51f42f10de7c49b2e1fc1cb9b30056.tmp
<Current directory>\$dpx$.tmp\869254ccad0d6140a47037931369fab6.tmp
<Current directory>\$dpx$.tmp\7d5d17db80cc024691b2c806856ace8a.tmp
<Current directory>\$dpx$.tmp\01e2989006ae6d4dba56988d3c1dc9a2.tmp
<Current directory>\$dpx$.tmp\82ca0b5aa6c8754b928aa00c0b3c5689.tmp
<Current directory>\$dpx$.tmp\63185538033a694389fa6ee450a51bdc.tmp
<Current directory>\$dpx$.tmp\6f8a7ac9466ec44391cafd56b6537923.tmp
<Current directory>\$dpx$.tmp\0a1ad34c92d6f74585db1bcefcbe3ba6.tmp
<Current directory>\$dpx$.tmp\044148bd58311f4ea8e4c7b83dc3c8b9.tmp
<Current directory>\$dpx$.tmp\55c25c3362b92943bdf480d03b5dbc66.tmp
<Current directory>\$dpx$.tmp\37b04defb05bc64397f39492d5c76815.tmp
<Current directory>\$dpx$.tmp\cc9dfbc2b9ad5544a2da483753b90273.tmp
<Current directory>\$dpx$.tmp\02c972917dfd9044911f96701cb28c6e.tmp
<Current directory>\$dpx$.tmp\273c790c48309a4c90aadfd744b52fe4.tmp
<Current directory>\$dpx$.tmp\6ade3359d505764585556e105a60e17d.tmp
<Current directory>\$dpx$.tmp\cdf8280a09ef6b4eac1ba122eaf93903.tmp
<Current directory>\$dpx$.tmp\7c52a1e582e9774fa0dff2da82254502.tmp
<Current directory>\$dpx$.tmp\0d0c5f0f7250d342b342b615dd5ba859.tmp
<Current directory>\$dpx$.tmp\812b92329d7e4f439c2ee68e2436efa8.tmp
<Current directory>\$dpx$.tmp\b824980bf99a73409c16f19470424c93.tmp
<Current directory>\$dpx$.tmp\824875e6985c3043ba2052f129df3f03.tmp
<Current directory>\$dpx$.tmp\9ea5a44307244f4c9986405a3180a1f0.tmp
<Current directory>\$dpx$.tmp\2ba83e4aaeedd149af2746fbcbc4e105.tmp

Sets the 'hidden' attribute to the following files

<Current directory>\api-ms-win-core-console-l1-1-0.dll
<Current directory>\api-ms-win-crt-conio-l1-1-0.dll
<Current directory>\api-ms-win-crt-convert-l1-1-0.dll
<Current directory>\api-ms-win-crt-environment-l1-1-0.dll
<Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
<Current directory>\api-ms-win-crt-heap-l1-1-0.dll
<Current directory>\api-ms-win-crt-locale-l1-1-0.dll
<Current directory>\api-ms-win-crt-math-l1-1-0.dll
<Current directory>\api-ms-win-core-timezone-l1-1-0.dll
<Current directory>\api-ms-win-core-util-l1-1-0.dll
<Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
<Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
<Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
<Current directory>\api-ms-win-crt-string-l1-1-0.dll
<Current directory>\api-ms-win-crt-time-l1-1-0.dll
<Current directory>\api-ms-win-crt-utility-l1-1-0.dll
<Current directory>\msvcp140.dll
<Current directory>\opencl.dll
<Current directory>\api-ms-win-crt-private-l1-1-0.dll
<Current directory>\api-ms-win-crt-process-l1-1-0.dll
<Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
<Current directory>\api-ms-win-core-synch-l1-2-0.dll
<Current directory>\api-ms-win-core-synch-l1-1-0.dll
<Current directory>\api-ms-win-core-debug-l1-1-0.dll
<Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-1-0.dll
<Current directory>\api-ms-win-core-file-l1-2-0.dll
<Current directory>\api-ms-win-core-file-l2-1-0.dll
<Current directory>\api-ms-win-core-handle-l1-1-0.dll
<Current directory>\api-ms-win-core-heap-l1-1-0.dll
<Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
<Current directory>\api-ms-win-core-datetime-l1-1-0.dll
<Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
<Current directory>\api-ms-win-core-memory-l1-1-0.dll
<Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
<Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
<Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
<Current directory>\api-ms-win-core-profile-l1-1-0.dll
<Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
<Current directory>\api-ms-win-core-string-l1-1-0.dll
<Current directory>\api-ms-win-core-localization-l1-2-0.dll
<Current directory>\ucrtbase.dll
<Current directory>\vcruntime140.dll

Deletes the following files

<Current directory>\d.cab

Moves the following files

from <Current directory>\$dpx$.tmp\7d5d17db80cc024691b2c806856ace8a.tmp to <Current directory>\api-ms-win-core-console-l1-1-0.dll
from <Current directory>\$dpx$.tmp\fabda4bd22b8344b8c238d61a5a0ede4.tmp to <Current directory>\api-ms-win-crt-conio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\1242493fc8de63408a9569c99b35d1c4.tmp to <Current directory>\api-ms-win-crt-convert-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b2482174f9d60641b2f8025d39deb984.tmp to <Current directory>\api-ms-win-crt-environment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\19874eccb05f864ead5228755d139702.tmp to <Current directory>\api-ms-win-crt-filesystem-l1-1-0.dll
from <Current directory>\$dpx$.tmp\188c61717213e6428f988eb62d547a98.tmp to <Current directory>\api-ms-win-crt-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d2576ef8931e264488c280efa25bf95a.tmp to <Current directory>\api-ms-win-crt-locale-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cafa91c2d918d140886679703df6e3c8.tmp to <Current directory>\api-ms-win-crt-math-l1-1-0.dll
from <Current directory>\$dpx$.tmp\73a338d1184f3c489f47c646c54ba045.tmp to <Current directory>\api-ms-win-core-timezone-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d5ac12959444a14ba0faf3c985ff5ea5.tmp to <Current directory>\api-ms-win-core-util-l1-1-0.dll
from <Current directory>\$dpx$.tmp\aaca6710a5650f48b11c07bdd6b3b4c6.tmp to <Current directory>\api-ms-win-crt-multibyte-l1-1-0.dll
from <Current directory>\$dpx$.tmp\0710e0cf29e231458c95e30799b05bbc.tmp to <Current directory>\api-ms-win-crt-runtime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\bdd4a88257cf1a408828f15b652680ed.tmp to <Current directory>\api-ms-win-crt-stdio-l1-1-0.dll
from <Current directory>\$dpx$.tmp\b3d41682570ef54ab6e5dea60c8bf0b4.tmp to <Current directory>\api-ms-win-crt-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\8a2193c0deeee444b0be81476c95985e.tmp to <Current directory>\api-ms-win-crt-time-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6478ae24de144744a5a4919cf4d4bc28.tmp to <Current directory>\api-ms-win-crt-utility-l1-1-0.dll
from <Current directory>\$dpx$.tmp\998f08caf6a406498947599ee7cf61ef.tmp to <Current directory>\msvcp140.dll
from <Current directory>\$dpx$.tmp\15eb0169d6667942b17cca6e067b1f83.tmp to <Current directory>\opencl.dll
from <Current directory>\$dpx$.tmp\7382f5608d6b364ea04d66fcf7d921de.tmp to <Current directory>\api-ms-win-crt-private-l1-1-0.dll
from <Current directory>\$dpx$.tmp\d46ef4bb07e3684493ba540f986db0e3.tmp to <Current directory>\api-ms-win-crt-process-l1-1-0.dll
from <Current directory>\$dpx$.tmp\76c0842400df144094abaf817a0b2d19.tmp to <Current directory>\api-ms-win-core-sysinfo-l1-1-0.dll
from <Current directory>\$dpx$.tmp\1e51f42f10de7c49b2e1fc1cb9b30056.tmp to <Current directory>\api-ms-win-core-synch-l1-2-0.dll
from <Current directory>\$dpx$.tmp\9ea5a44307244f4c9986405a3180a1f0.tmp to <Current directory>\api-ms-win-core-synch-l1-1-0.dll
from <Current directory>\$dpx$.tmp\82ca0b5aa6c8754b928aa00c0b3c5689.tmp to <Current directory>\api-ms-win-core-debug-l1-1-0.dll
from <Current directory>\$dpx$.tmp\63185538033a694389fa6ee450a51bdc.tmp to <Current directory>\api-ms-win-core-errorhandling-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6f8a7ac9466ec44391cafd56b6537923.tmp to <Current directory>\api-ms-win-core-file-l1-1-0.dll
from <Current directory>\$dpx$.tmp\0a1ad34c92d6f74585db1bcefcbe3ba6.tmp to <Current directory>\api-ms-win-core-file-l1-2-0.dll
from <Current directory>\$dpx$.tmp\044148bd58311f4ea8e4c7b83dc3c8b9.tmp to <Current directory>\api-ms-win-core-file-l2-1-0.dll
from <Current directory>\$dpx$.tmp\55c25c3362b92943bdf480d03b5dbc66.tmp to <Current directory>\api-ms-win-core-handle-l1-1-0.dll
from <Current directory>\$dpx$.tmp\37b04defb05bc64397f39492d5c76815.tmp to <Current directory>\api-ms-win-core-heap-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cc9dfbc2b9ad5544a2da483753b90273.tmp to <Current directory>\api-ms-win-core-interlocked-l1-1-0.dll
from <Current directory>\$dpx$.tmp\01e2989006ae6d4dba56988d3c1dc9a2.tmp to <Current directory>\api-ms-win-core-datetime-l1-1-0.dll
from <Current directory>\$dpx$.tmp\02c972917dfd9044911f96701cb28c6e.tmp to <Current directory>\api-ms-win-core-libraryloader-l1-1-0.dll
from <Current directory>\$dpx$.tmp\6ade3359d505764585556e105a60e17d.tmp to <Current directory>\api-ms-win-core-memory-l1-1-0.dll
from <Current directory>\$dpx$.tmp\cdf8280a09ef6b4eac1ba122eaf93903.tmp to <Current directory>\api-ms-win-core-namedpipe-l1-1-0.dll
from <Current directory>\$dpx$.tmp\7c52a1e582e9774fa0dff2da82254502.tmp to <Current directory>\api-ms-win-core-processenvironment-l1-1-0.dll
from <Current directory>\$dpx$.tmp\0d0c5f0f7250d342b342b615dd5ba859.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-0.dll
from <Current directory>\$dpx$.tmp\812b92329d7e4f439c2ee68e2436efa8.tmp to <Current directory>\api-ms-win-core-processthreads-l1-1-1.dll
from <Current directory>\$dpx$.tmp\b824980bf99a73409c16f19470424c93.tmp to <Current directory>\api-ms-win-core-profile-l1-1-0.dll
from <Current directory>\$dpx$.tmp\824875e6985c3043ba2052f129df3f03.tmp to <Current directory>\api-ms-win-core-rtlsupport-l1-1-0.dll
from <Current directory>\$dpx$.tmp\869254ccad0d6140a47037931369fab6.tmp to <Current directory>\api-ms-win-core-string-l1-1-0.dll
from <Current directory>\$dpx$.tmp\273c790c48309a4c90aadfd744b52fe4.tmp to <Current directory>\api-ms-win-core-localization-l1-2-0.dll
from <Current directory>\$dpx$.tmp\9cac835f616b364c9506bbe2d9575802.tmp to <Current directory>\ucrtbase.dll
from <Current directory>\$dpx$.tmp\2ba83e4aaeedd149af2746fbcbc4e105.tmp to <Current directory>\vcruntime140.dll

Network activity

TCP

'lp##.abbny.com':443
'lp##.haqo.net':443

UDP

DNS ASK lp##.beahh.com
DNS ASK lp##.abbny.com
DNS ASK lp##.haqo.net

Miscellaneous

Creates and executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a' (with hidden window)

Executes the following

'<SYSTEM32>\cmd.exe' /c expand d.cab -f:* . & del d.cab /a
'<SYSTEM32>\expand.exe' d.cab -f:* .

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней