SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Kryptik.FPVQ
Kryptik.FPVQ is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

      Process Related Changes
      It creates the following mutex(es):
      • MSCTF.Shared.MUTEX.ENH"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_Mutex"
      • ZonesLockedCacheCounterMutex"
      • {972ED012-BC2D-4FA2-A356-BBBFFF89BDF8}"
      • HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Mutex"
      • CTF.Compart.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Mutex"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lts_Mutex"
      • !PrivacIE!SharedMemory!Mutex"
      • CTF.Asm.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • CTF.LBES.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • ZonesCacheCounterMutex"
      • MSCTF.Shared.MUTEX.IPG"
      • ZonesCounterMutex"
      • shell.{C75D3BA1-CB1F-89CE-6552-0E9EE158DE47}"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_Mutex"
      • CTF.TMD.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lts_PhoneConverter_Mutex"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Mutex"
      • MSCTF.Shared.MUTEX.EBH"
      • 30F1B4D6-EEDA-11d2-9C23-00C04F8EF87C"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_AudioOutput_TokenEnums_MMAudioOut_Mutex"
      • CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398-1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • ZoneAttributeCacheCounterMutex"
      • SHIMLIB_LOG_MUTEX"
      • CTF.Layouts.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
      • {90A2AB32-806C-475B-B95E-9623E6BCA674}"
      • HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lex_Mutex"
      • MSCTF.Shared.MUTEX.ELH"

      It creates the following process(es):
      • C:\WINDOWS\Temp\ab86e6279a18bdfb77c6cce64c925abc.exe [ \c:\windows\temp\ab86e6279a18bdfb77c6cce64c925abc.exe ]
      • C:\WINDOWS\system32\rundll32.exe [ \rundll32.exe C:\WINDOWS\system32\shimgvw.dllImageView_Fullscreen c:\documents and settings\admin\desktop\_READ_THIS_FILE_0KT6_.jpeg ]
      • C:\WINDOWS\system32\ping.exe [ ping -n 1 127.0.0.1 ]
      • C:\WINDOWS\system32\mshta.exe
      • C:\WINDOWS\system32\cmd.exe
      • C:\WINDOWS\system32\taskkill.exe [ taskkill /f /im \ab86e6279a18bdfb77c6cce64c925abc.exe ]


          Relevant Information


          © SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0