SonicALERT

Sonicwall Signatures

 



  Sasser.C
Sasser.C is a worm. Worms spread from computer to computer, making copies of themselves over the network. They can spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Sasser.C has a file size of 106,496 bytes. It makes network connections to a series of IP addresses, each on port 445 (TCP).

Sasser.C drops the following files on the hard drive:

  • C:\WINDOWS\avserve2.exe (106496 bytes)
It also changes the Windows registry:
  • Creates value "avserve2.exe"="C:\WINDOWS\avserve2.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutexes to ensure only one instance is running: Jobaka3 and JumpallsNlsTillt. It also has possible backdoor functionality ([unknown] port 5554) and is executed every time Windows starts.

