SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Ultrareach.A
Ultrareach.A is a Hacktool. Hacktool describes tools that are used by a hacker (or unauthorized user) to attack, gain unwelcome access to or perform identification of your computer. Hack tools also generally attempt to gain information on or access hosts or bypass obvious security mechanisms inherent to the system it is installed on

      Process Related Changes
      It creates the following mutex(es):
      • ZonesLockedCacheCounterMutex"
      • c:!documents and settings!admin!privacie!"
      • CTF.Asm.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • CTF.Compart.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • CTF.Layouts.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • ConnHashTable<1468>_HashTable_Mutex"
      • SmartScreen_ClientId_Mutex"
      • MSCTF.Shared.MUTEX.AEG"
      • CTF.LBES.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • c:!documents and settings!admin!cookies!"
      • c:!documents and settings!admin!local settings!history!history.ie5!mshist012014030320140304!"
      • !BrowserEmulation!SharedMemory!Mutex"
      • c:!documents and settings!admin!local settings!history!history.ie5!"
      • MSIMGSIZECacheMutex"
      • MSCTF.Shared.MUTEX.EEH"
      • WininetConnectionMutex"
      • !IECompat!Mutex"
      • c:!documents and settings!admin!local settings!temporary internet files!content.ie5!"
      • DBWinMutex"
      • CTF.TMD.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • ZonesCounterMutex"
      • c:!documents and settings!admin!ietldcache!"
      • MSCTF.Shared.MUTEX.MK"
      • MSCTF.Shared.MUTEX.MAG"
      • _!SHMSFTHISTORY!_"
      • CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398-1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • c:!documents and settings!admin!local settings!application data!microsoft!feeds cache!"
      • ZoneAttributeCacheCounterMutex"
      • ZonesCacheCounterMutex"
      • !PrivacIE!SharedMemory!Mutex"
      • c:!documents and settings!admin!iecompatcache!"
      • SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-1-5-21-1078081533-842925246-854245398-1003"

      It creates the following process(es):
      • C:\WINDOWS\Temp\5df5990318894933cf68678f1e028f80.exe [ \c:\windows\temp\5df5990318894933cf68678f1e028f80.exe ]

        Network Activity
        It attempts to connect to the following remote servers:
        • 127.xxxxxx:1033
        • 127.xxxxxx:5152


        Relevant Information