Trojan.KillProc2.27479

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\z1qxwcd 7nd83wovj sgu4m7oc (36mho73,36mho73).mpeg.exe
%ProgramFiles%\dvd maker\shared\f1i7cm sperm [free] boobs mg9fvb2xk9 (dehod0).mpg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\nom72kl h93bklf ihthd33 (sonja).avi.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\wep6b08 bd1l5ir uncut .rar.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\s2fkave cum 7vepaqjm wifey .mpeg.exe
%ProgramFiles%\microsoft office\templates\0287zh mzwpstr8n big .mpeg.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\zc8giv9 horse 7vepaqjm gsva2xn .zip.exe
%ProgramFiles%\windows journal\templates\wpjwijv tsomq34 mzwpstr8n epyxwn .zip.exe
%ProgramFiles%\windows sidebar\shared gadgets\sperm mnho9y54 nom72kl hole young (hyo87il).avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\zc8giv9 bd1l5ir nude l9hwcs7vvnphd9 .mpeg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\cum beast [bangbus] wifey (c4w8hqa,c4w8hqa).rar.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\zc8giv9 8ok6yf epyxwn .avi.exe
%CommonProgramFiles(x86)%\microsoft shared\sperm tsomq34 uncut hole (jade).mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\black beast apv53deiq9fw jxqgtp nmibe2 .mpg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\8ok6yf xakmpl bq4kno kfp2yqq .mpg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\fac71w2 w6csjja14n1 tsomq34 l9hwcs7vvnphd9 (cy4xpd,rdl1tfkz).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\ddqayq gay apv53deiq9fw glans (haj1oyikd).mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\h93bklf [bangbus] shoes .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\cum h93bklf girls zmc8ujp .mpeg.exe
%ALLUSERSPROFILE%\templates\beast xxx hot (!) .rar.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\f1i7cm mnho9y54 l9hwcs7vvnphd9 kfp2yqq gsva2xn (sandy,g6u8n4r).zip.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\4h1e2a346 bd1l5ir vjq39c1gwy feet gsva2xn .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\gzn4ud7e bd1l5ir ihthd33 jxqgtp .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\z9z7rwe bd1l5ir hot (!) 8pfmdyy .zip.exe
%ALLUSERSPROFILE%\templates\porn 7vepaqjm boobs gsva2xn .zip.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe beast tsomq34 ihthd33 nmibe2 .mpeg.exe
C:\users\default\appdata\local\temp\w6csjja14n1 big hole .mpg.exe
C:\users\default\appdata\local\<INETFILES>\tsomq34 [bangbus] glans zn3tvn .avi.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\mzwpstr8n sgu4m7oc eigt45 .rar.exe
C:\users\default\templates\z9z7rwe h93bklf apv53deiq9fw 50+ (sonja).rar.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\z9z7rwe 8ok6yf w6csjja14n1 sgu4m7oc ash (gina).rar.exe
%TEMP%\f1i7cm xakmpl uncut zn3tvn (jade,sonja).mpg.exe
%LOCALAPPDATA%\<INETFILES>\z1qxwcd w6csjja14n1 uncut gsva2xn .avi.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\4h1e2a346 vjq39c1gwy (sandy,dehod0).mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\nude 7vepaqjm sm .rar.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\zc8giv9 beast ihthd33 .mpeg.exe
%APPDATA%\microsoft\templates\mnho9y54 [bangbus] js80j73 .mpg.exe
%APPDATA%\microsoft\windows\templates\eq7k2xcxt lpcu5ai3 epyxwn ejn547rbxhd1 .zip.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\xxx epyxwn young .zip.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\asian sperm vjq39c1gwy .rar.exe
%HOMEPATH%\templates\4h1e2a346 w6csjja14n1 wep6b08 [milf] fw58kpr41ob1w .avi.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\wpjwijv nom72kl w6csjja14n1 sgu4m7oc young (hyo87il).mpeg.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\f1i7cm gay 7nd83wovj uncut (y8oxsqa).rar.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\upfgetx cum sgu4m7oc .zip.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 [bangbus] titts rv0y8n .rar.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\black mnho9y54 big ejn547rbxhd1 .zip.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\zc8giv9 8ok6yf bq4kno .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\8ok6yf vjq39c1gwy hole .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\w6csjja14n1 mzwpstr8n [bangbus] young .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\8r3baiec cum l9hwcs7vvnphd9 cock lzxyhb7k .rar.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\8ok6yf porn hot (!) sgoibhh .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\sperm 7nd83wovj uncut lzxyhb7k .avi.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\yzw1afy nom72kl ash .avi.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\z1qxwcd horse [bangbus] sgoibhh .mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt xxx hot (!) ash qq6w54yfhtqrbwcslg .mpg.exe
%WINDIR%\assembly\temp\black yzw1afy ihthd33 .rar.exe
%WINDIR%\assembly\tmp\w6csjja14n1 uncut sm .avi.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\wep6b08 ihthd33 js80j73 .avi.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\f1i7cm nude [free] fw58kpr41ob1w (gina).mpeg.exe
%WINDIR%\pla\templates\s2fkave yzw1afy uncut 8bgkvshe1 .rar.exe
%WINDIR%\security\templates\4h1e2a346 beast vjq39c1gwy 8pfmdyy .avi.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\wep6b08 porn hot (!) sweet (cy4xpd,36mho73).rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\f07qtt xxx epyxwn legs qx2j1b5 .zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\mzwpstr8n wep6b08 7vepaqjm .mpg.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\fac71w2 beast girls (sarah).avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\black nom72kl mnho9y54 apv53deiq9fw ejn547rbxhd1 (sandy,rdl1tfkz).avi.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\upfgetx yzw1afy lpcu5ai3 sgu4m7oc .zip.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\f1i7cm 7nd83wovj nude hot (!) legs (sonja,jenna).rar.exe
%WINDIR%\syswow64\fxstmp\h93bklf 7nd83wovj vjq39c1gwy .mpeg.exe
%WINDIR%\syswow64\ime\shared\zc8giv9 sperm cum [milf] feet eigt45 .mpg.exe
%WINDIR%\syswow64\config\systemprofile\black horse porn l9hwcs7vvnphd9 wifey .avi.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\nude mnho9y54 uncut mg9fvb2xk9 .zip.exe
%WINDIR%\syswow64\fxstmp\xxx lpcu5ai3 bq4kno 50+ .mpg.exe
%WINDIR%\syswow64\ime\shared\f07qtt xakmpl [bangbus] titts ash .rar.exe
%WINDIR%\temp\8r3baiec 8ok6yf 7vepaqjm wifey .zip.exe
%WINDIR%\winsxs\installtemp\horse 8ok6yf 7vepaqjm jxqgtp shoes .zip.exe

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information

Curing recommendations

Free trial