SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  FakeAlert.DR_3
FakeAlert.DR_3 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • AD032


Directory level activity
    • Nothing to report


    File level activity
    • write - file - C:\WINDOWS\MSBLT.EXE
    • write - file - C:\WINDOWS\system32\CSRLT.EXE
    • write - file - C:\WINDOWS\MSBLT.EXE


    Registry level activity
    • write - registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunCSRLT.EXE
    • write - registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceMSBLT.EXE


    Library level activity
    • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\92412484bc806819bebd3f03bbe45478.ENU
    • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\92412484bc806819bebd3f03bbe45478.EN
    • load - library - kernel32.dll
    • load - library - oleaut32.dll
    • load - library - USER32.DLL
    • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\92412484bc806819bebd3f03bbe45478.bin
    • load - library - USER32
    • load - library - comctl32.dll
    • load - library - User32.dll
    • load - library - shell32.dll
    • load - library - ole32.dll
    • load - library - olepro32.dll
    • load - library - C:\WINDOWS\system32\rpcss.dll
    • load - library - uxtheme.dll
    • load - library - comctl32.dll


    Process API calls used
    • NtFreeVirtualMemory
    • NtFreeVirtualMemory


    Registry API calls used
    • RegOpenKeyExA
    • RegQueryValueExA
    • RegCloseKey
    • RegCreateKeyExA
    • RegSetValueExA
    • RegCloseKey


    System API calls used
    • LdrGetDllHandle
    • LdrGetProcedureAddress
    • LdrLoadDll
    • NtDelayExecution
    • NtDelayExecution


    Filesystem API calls used
    • NtCreateFile
    • NtQueryInformationFile
    • NtSetInformationFile
    • NtReadFile
    • NtWriteFile
    • NtWriteFile

    Network

    Domains:
  • NA

    • DNS Request:
  • NA

    • HTTP Request:
  • NA

    • DLL related data
    Number of DLL's imported = 21
    • oleaut32.dll
    • advapi32.dll
    • user32.dll
    • kernel32.dll
    • kernel32.dll
    • user32.dll
    • gdi32.dll
    • version.dll
    • kernel32.dll
    • advapi32.dll
    • oleaut32.dll
    • ole32.dll
    • kernel32.dll
    • ole32.dll
    • oleaut32.dll
    • comctl32.dll
    • URLMON.DLL
    • wininet.dll
    • shell32.dll
    • shell32.dll
    • shell32.dll

    Relevant Information


    © SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0