Win32.HLLW.Autoruner2.23939

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '%HOMEPATH%\aegvvp.exe'

Malicious functions:

Executes the following:

'<SYSTEM32>\svchost.exe'

Injects code into

the following system processes:

<SYSTEM32>\svchost.exe

Modifies file system:

Creates the following files:

%HOMEPATH%\aegvvp.exe

Sets the 'hidden' attribute to the following files:

%HOMEPATH%\aegvvp.exe

Network activity:

UDP:

DNS ASK mu###.###tal-protection.net.ru
DNS ASK sl###.##fehousenumber.com
'mu###.###tal-protection.net.ru':19700
'sl###.##fehousenumber.com':19700

Miscellaneous:

Searches for the following windows:

ClassName: 'Ujsub Ostcqh Mhi' WindowName: 'Fmyuqb Yoda Kfa'
ClassName: 'Mqxelly Gdpa Inyg' WindowName: 'Nohokpo Ybagn Kfpg'
ClassName: 'Kbmiecdyjnac Tr' WindowName: 'Crulxehxwc Ethysm'
ClassName: 'Jyuvdsxql, Rwiuv' WindowName: 'Dicksn. Rgqh. Rjfj'
ClassName: 'Xgxqx Dvbyvogqj' WindowName: 'Hvgds Kxqtlfess'
ClassName: 'Eaiimmiu, Eitcy Mwt' WindowName: 'Rispngtc, Iaxnfa We'
ClassName: 'W' WindowName: 'Dukiuui Ycqcrqh, Kruxuegja Pxr'
ClassName: 'Eitcy Mwt' WindowName: 'Rispngtc, Iaxnfa We, Eaiimmiu'
ClassName: 'Ktle. Jeoly Vvs Sae' WindowName: 'Nfgslxcnsps Begx'
ClassName: 'Uwnbyqqo Iicph. Y' WindowName: 'Badygira, Xocq. Xp'
ClassName: 'Fmkgtaft Mbas Rb' WindowName: 'Eaxg. Ksnjx Accb'
ClassName: 'Xkpjbpwaj Gpbucc' WindowName: 'Dwkjdf, Uwkufk Uj'
ClassName: 'Nbeqjh, Jtlbe, D' WindowName: 'Tyjjs, Sgtm Npf'
ClassName: 'Atydiauw Xq. Dqcl' WindowName: 'Fsxspl Errc Ygjvw'
ClassName: 'D' WindowName: 'Tyjjs, Sgtm Npf, Nbeqjh, Jtlbe'
ClassName: 'Glguktjwxe Dhe, V' WindowName: 'Eujc Ixslfi. Xfyxu'
ClassName: 'Rwiuv' WindowName: 'Dicksn. Rgqh. Rjfj, Jyuvdsxql'
ClassName: 'V' WindowName: 'Eujc Ixslfi. Xfyxu, Glguktjwxe Dhe'
ClassName: 'C' WindowName: 'Xmjt Bgtmaetr Werxx, Gava Kg. Naai'
ClassName: 'Gava Kg. Naai, C' WindowName: 'Xmjt Bgtmaetr Werxx'
ClassName: 'Odbmhnvh. Xxxpev L' WindowName: 'Jdlqoax. Qvwcxy'
ClassName: 'Jibid. Ibcixd' WindowName: 'Xnjgg, Wstf, Ofpb, Gck'
ClassName: 'Yxb. Xlj Eviyvp, P' WindowName: 'Xoj, Uqvfhhx Ac'
ClassName: 'Bsahnx Fwh Snhj' WindowName: 'Lhpadl, Kfsh Kt, Cp'
ClassName: 'P' WindowName: 'Xoj, Uqvfhhx Ac, Yxb. Xlj Eviyvp'
ClassName: 'Sjeksk Syyi. Vaupb' WindowName: 'Kqdd. Ixjmwlar Sf'
ClassName: 'Lqoioqxhu Iirqh Lgb' WindowName: 'Rxquhakt. Pyl Mtjn'
ClassName: 'Vdoca, Kyvkat, J' WindowName: 'Jod. Vjsqpws Oqe Lq'
ClassName: 'Gck, Jibid. Ibcixd' WindowName: 'Xnjgg, Wstf, Ofpb'
ClassName: 'J' WindowName: 'Jod. Vjsqpws Oqe Lq, Vdoca, Kyvkat'
ClassName: 'Ujtr, Sphnb Cecwh E' WindowName: 'Ikckxmfa Omihxqb B'
ClassName: 'Kgvfkn Juamitl. T' WindowName: 'Lyxxsfui Cxfrm A'
ClassName: 'Sphnb Cecwh E' WindowName: 'Ikckxmfa Omihxqb B, Ujtr'
ClassName: 'Kruxuegja Pxr, W' WindowName: 'Dukiuui Ycqcrqh'
ClassName: 'Fyvvatv Kqswcvu. Q' WindowName: 'Ookj Asu, Voelrkh A'
ClassName: 'Rxjblk. Yfgsuby Wd' WindowName: 'Ybjtgd. Iyumhk, Wyo'
ClassName: 'Balthnno Aulf. Hg' WindowName: 'Yfwoyxm Oed Kwyf'
ClassName: 'Aflijwu Rkqbehb T' WindowName: 'Nllpgw, Mhbvdbj. Xu'
ClassName: 'Uq' WindowName: 'Gjtldxk. Qhlsu, Qfe, Iapmn Rcfmm'
ClassName: 'Iapmn Rcfmm, Uq' WindowName: 'Gjtldxk. Qhlsu, Qfe'

Tecnologías

Términos

Formación y educación

Mitos

Technical Information