Trojan.DownLoader27.15110

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

%HOMEPATH%\Start Menu\Programs\Startup\e290efa3f0de18e1cb01504f1db44125.exe

Modifies file system:

Creates the following files:

<Current directory>\default.txt
<Current directory>\Map\25209.JPG
<Current directory>\Map\25208.JPG
<Current directory>\Map\25207.JPG
<Current directory>\Map\25206.JPG
<Current directory>\Map\25205.JPG
<Current directory>\Map\25204.JPG
<Current directory>\Map\25203.JPG
<Current directory>\Map\25202.JPG
<Current directory>\Map\25100.JPG
<Current directory>\Map\2201.JPG
<Current directory>\Map\101.JPG
<Current directory>\Map\2101.JPG
<Current directory>\Map\2001.JPG
<Current directory>\Map\20001.JPG
<Current directory>\Map\1901.JPG
<Current directory>\Map\1801.JPG
<Current directory>\Map\1701.JPG
<Current directory>\Map\1601.JPG
<Current directory>\Map\1501.JPG
<Current directory>\Map\1401.JPG
<Current directory>\Map\1301.JPG
<Current directory>\Map\1201.JPG
<Current directory>\Map\201.JPG
<Current directory>\Map\1101.JPG
<Current directory>\Map\25210.JPG
<Current directory>\Map\5401.JPG
<SYSTEM32>\3a5e.txt
<SYSTEM32>\beibr.exe
%WINDIR%\Key_M.dll
<SYSTEM32>\didi.exe
<Current directory>\Map\NoMap.JPG
<Current directory>\Map\bkBrush.jpg
<Current directory>\Map\901.JPG
<Current directory>\Map\801.JPG
<Current directory>\Map\8001.JPG
<Current directory>\Map\6001.JPG
<Current directory>\Map\25501.JPG
<Current directory>\Map\25301.JPG
<Current directory>\Map\5001.JPG
<Current directory>\Map\41001.JPG
<Current directory>\Map\40101.jpg
<Current directory>\Map\30300.JPG
<Current directory>\Map\30200.JPG
<Current directory>\Map\30100.JPG
<Current directory>\Map\301.JPG
<Current directory>\Map\30000.JPG
<Current directory>\Map\26000.JPG
<Current directory>\Map\25701.JPG
<Current directory>\Map\5501.JPG
<Current directory>\Map\1001.JPG
<Current directory>\Map\btn_min.png
<Current directory>\Map\bkBrush.png
<Current directory>\脚本\三邪关.ini
<Current directory>\脚本\南明湖.ini
<Current directory>\脚本\南明洞.ini
<Current directory>\脚本\南林修炼之地.ini
<Current directory>\脚本\南林.ini
<Current directory>\脚本\柳正关.ini
<Current directory>\脚本\柳善府.ini
<Current directory>\脚本\花亭平原.ini
<Current directory>\脚本\虎峡谷修炼之地.ini
<Current directory>\脚本\松月关.ini
<Current directory>\脚本\虎峡谷.ini
<Current directory>\脚本\地灵洞3层.ini
<Current directory>\脚本\地灵洞2层.ini
<Current directory>\脚本\地灵洞1层.ini
<Current directory>\脚本\测试.ini
<Current directory>\脚本\冰宫.ini
<Current directory>\脚本\北海修炼之地.ini
<Current directory>\脚本\北海冰宫幻影.ini
<Current directory>\脚本\北海冰宫.ini
<Current directory>\版本号.ini
<Current directory>\脚本\百武关.ini
<Current directory>\脚本\东陵修炼之地.ini
<Current directory>\脚本\泫勃派.ini
<Current directory>\脚本\神武门.ini
<Current directory>\脚本\血魔洞1层.ini
<Current directory>\Map\Background.png
<Current directory>\点击自动更新.exe
<Current directory>\dfgsdh.dat
<Current directory>\temp
<Current directory>\提示声音.wav
<Current directory>\rxkd.dll
<Current directory>\rxdsq.dll
<Current directory>\msvcr100.dll
<Current directory>\mfc100.dll
<Current directory>\ItemDate.dll
<Current directory>\Item.dll
<Current directory>\基础主窗口.exe
<Current directory>\查线.exe
<Current directory>\脚本\血魔洞2层.ini
<Current directory>\rxjn.exe
<Current directory>\rxgg.exe
<Current directory>\脚本\正竹林.ini
<Current directory>\游戏路径.ini
<Current directory>\脚本\银币广场.ini
<Current directory>\脚本\遗忘的村庄(一般).ini
<Current directory>\脚本\遗忘的村庄(高手).ini
<Current directory>\脚本\遗忘的村庄(大师).ini
<Current directory>\脚本\遗忘的村庄(达人).ini
<Current directory>\脚本\血魔洞3层.ini
<SYSTEM32>\3a5d.txt
%TEMP%\_uninsep.bat

Deletes the following files:

<Current directory>\rxgg.exe

Network activity:

Connects to:

'42.##.193.47':1070

Miscellaneous:

Searches for the following windows:

ClassName: 'EDIT' WindowName: ''

Creates and executes the following:

'<Current directory>\rxjn.exe'
'<Current directory>\rxgg.exe'
'<SYSTEM32>\beibr.exe'

Executes the following:

'<SYSTEM32>\cmd.exe' /c ""%TEMP%\_uninsep.bat" "

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial