HPsus/Botta-A

Category: Suspicious behaviors and files
Type: Suspicious behavior


Summary

Files detected as HPsus/Botta-A exhibit suspicious behavior.

Detailed analysis

Example behaviors of HPsus/Botta-A follow:

Example 1

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\sysdiag64.exe
  • F:/cold/hott/sysdiag64.exe
Dropped Files
  • F:/cold/hott/Desktop.ini
  • F:/auTORUN.inf
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    MicrosoftCorp
    C:\Windows\sysdiag64.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\sample.exe
    c:\sample.exe:*:Enabled:Windows Messanger
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    sysdiag64.exe
    C:\Windows\sysdiag64.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MicrosoftNAPC
    C:\Windows\sysdiag64.exe
Processes Created
  • c:\windows\sysdiag64.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • justcallmescope.info

Example 2

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\dhvp.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows System Info Serivce
    dhvp.exe
Processes Created
  • c:\windows\dhvp.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
DNS Requests
  • gangbang.mytijn.org
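The two Runtime Analysis listings above are the raw material a responder turns into hunting indicators: autostart values under the Run keys (including the Policies\Explorer\Run variant, which is rarely used by legitimate software), a firewall exception added for the sample together with DoNotAllowExceptions being cleared, an autorun.inf dropped to a drive root for removable-media spread, living-off-the-land use of cmd.exe, reg.exe and net.exe, and the two domains resolved. The script below is an added example written for this page, not Sophos tooling: it parses listings in the page's own format into structured entries, applies rules (the author's own assumptions about what each entry means) and extracts the indicators. Example 1 is embedded verbatim as sample input, misspelled value names included, since those are the exact strings the sample writes; Example 2 parses the same way.

```python
"""Parse the 'Runtime Analysis' listings on this page into structured
indicators and flag the behaviours worth acting on.
Added example for this page, not Sophos tooling; the rules are the
author's own assumptions about what each entry means for a responder."""
import re
from collections import defaultdict

# Sample input: Example 1 from this page, embedded verbatim so the script runs offline.
EXAMPLE_1 = r"""Copies Itself To
  • C:\WINDOWS\sysdiag64.exe
  • F:/cold/hott/sysdiag64.exe
Dropped Files
  • F:/cold/hott/Desktop.ini
  • F:/auTORUN.inf
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    MicrosoftCorp
    C:\Windows\sysdiag64.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\sample.exe
    c:\sample.exe:*:Enabled:Windows Messanger
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    sysdiag64.exe
    C:\Windows\sysdiag64.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MicrosoftNAPC
    C:\Windows\sysdiag64.exe
Processes Created
  • c:\windows\sysdiag64.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • justcallmescope.info
"""

SECTIONS = {"Copies Itself To", "Dropped Files", "Registry Keys Created",
            "Processes Created", "DNS Requests"}
RUN_KEY = re.compile(r"\\CurrentVersion\\(policies\\Explorer\\)?Run$", re.I)
FW_LIST = re.compile(r"\\FirewallPolicy\\\w+Profile\\AuthorizedApplications\\List$", re.I)
FW_PROFILE = re.compile(r"\\FirewallPolicy\\\w+Profile$", re.I)
AUTORUN = re.compile(r"^([A-Za-z]:)[\\/]autorun\.inf$", re.I)  # drive root only
LOLBINS = {"cmd.exe", "reg.exe", "net.exe", "net1.exe"}


def parse_runtime_analysis(text):
    """Return {section: [items]}; registry items are dicts with key/name/data."""
    report, section = defaultdict(list), None
    for line in (ln.strip() for ln in text.splitlines()):
        if line in SECTIONS:
            section = line
        elif not line or section is None:
            continue
        elif line.startswith("•"):
            item = line[1:].strip()
            report[section].append({"key": item, "name": None, "data": None}
                                   if section == "Registry Keys Created" else item)
        elif section == "Registry Keys Created" and report[section]:
            entry = report[section][-1]  # continuation lines: value name, then data
            entry["data" if entry["name"] is not None else "name"] = line
    return dict(report)


def assess(report):
    """Map raw entries to (tag, detail) findings a responder can act on."""
    findings = []
    for e in report.get("Registry Keys Created", []):
        key, name, data = e["key"], e["name"], e["data"]
        if RUN_KEY.search(key):
            scope = "policy" if "policies" in key.lower() else "user/machine"
            findings.append(("persistence", f"{scope} Run value {name!r} -> {data}"))
        elif FW_LIST.search(key):
            findings.append(("firewall-exception", f"authorized application: {data}"))
        elif (FW_PROFILE.search(key) and (name or "").lower() == "donotallowexceptions"
              and int(data, 16) == 0):
            findings.append(("firewall-tamper", "DoNotAllowExceptions cleared"))
    for path in report.get("Dropped Files", []):
        m = AUTORUN.match(path)
        if m:
            findings.append(("removable-media", f"autorun.inf at root of {m.group(1)}"))
    for proc in report.get("Processes Created", []):
        base = re.split(r"[\\/]", proc)[-1].lower()
        if base in LOLBINS:
            findings.append(("lolbin", base))
    for domain in report.get("DNS Requests", []):
        findings.append(("dns", domain))
    return findings


def extract_iocs(report):
    """Hunting artefacts: file paths, autostart value names, domains."""
    regs = report.get("Registry Keys Created", [])
    return {"file_paths": sorted(set(report.get("Copies Itself To", []))
                                 | set(report.get("Dropped Files", []))),
            "autostart_values": sorted(e["name"] for e in regs
                                       if e["name"] and RUN_KEY.search(e["key"])),
            "domains": sorted(report.get("DNS Requests", []))}


if __name__ == "__main__":
    rep = parse_runtime_analysis(EXAMPLE_1)
    for tag, detail in assess(rep):
        print(f"[{tag:18}] {detail}")
    print(extract_iocs(rep))
```

Run against Example 1 it reports three persistence entries, the firewall exception and DoNotAllowExceptions reset, the autorun.inf on F:, the cmd.exe and reg.exe launches and the DNS lookup; the IOC dict gives the value names and paths to search for across other hosts, for instance by querying the same Run keys and checking whether C:\Windows\sysdiag64.exe exists.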
