SonicALERT
Sonicwall Signatures

  Expiro.RC
Expiro.RC is a Trojan that downloads further malware from the Internet. It opens up firewalls and collects confidential information such as personal financial information. It also downloads additional components before the hackers gain remote access to the infected PC.

File Related Changes
It drops the following file(s) on the system:
  • "C:\WINDOWS\system32\dllhost.exe"
  • "C:\WINDOWS\system32\dmadmin.exe"
  • "C:\WINDOWS\system32\clipsrv.exe"
  • "C:\WINDOWS\system32\cisvc.exe"

It modifies the following additional file(s) on the system:
  • "C:\WINDOWS\system32\bhqokfnc.tmp"
  • "C:\WINDOWS\system32\hanbcnjg.tmp"
  • "C:\WINDOWS\system32\qppakdhm.tmp"
  • "C:\WINDOWS\system32\ebgcepjd.tmp"

Process Related Changes
It creates the following mutex(es):
  • "kkq-vx_mtx1"
  • "CTF.TMD.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
  • "CTF.TimListCache.FMPDefaultS-1-5-21-1078081533-842925246-854245398-1003MUTEX.DefaultS-1-5-21-1078081533-842925246-854245398-1003"
  • "CTF.Compart.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
  • "CTF.Layouts.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
  • "CTF.Asm.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"
  • "CTF.LBES.MutexDefaultS-1-5-21-1078081533-842925246-854245398-1003"

It creates the following process(es):
  • C:\WINDOWS\Temp\b754bf55bbe62848a0159daa436e82e4.exe [ \c:\windows\temp\b754bf55bbe62848a0159daa436e82e4.exe ]


      Relevant Information