SonicALERT

Sonicwall Signatures

 



  Rbot.DYL_2
Rbot.DYL_2 is a Trojan. A Trojan is a program that pretends to have a valid use but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers. Rbot.DYL_2 is compressed using an executable packer, and its file size is 811,008 bytes. It also changes the Windows registry:
  • Creates key "HKLM\Software\Licenses".
  • Sets value "{K7C0DB872A3F777C0}"="v\\xf0\x15\x89\x12\x1er\x8e\x090N6\xf1\xdf<7\xe0\xb6\xe6A \x82\xff\xff\xff\xff\xff\xff\xff\xff\xcb\x87\xdfE\x870\x0c\xc3\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" in key "HKLM\Software\Licenses".
  • Creates key "HKCR\CLSID\{703F0E50-4994-EF9E-E8A9-D29A875F15BA}".
  • Sets value "{IC6E3D0636B8B23B2}"="\x01" in key "HKLM\Software\Licenses".
  • Sets value "{0C6E3D0636B8B23B2}"="V>\xa8\x0e\x0b\xa2\xa7\xa6A\x06S\x98\xb2\xa1D\xa3R
    \x92f\xbc\xb6\x01\xab\x99\xe8\x09\x9b\x1f\xb1R=~\xe3\x0b=\xce\xd0\xc6a}\xbb\x8cC\xfa\xff\xfca\xed\xec6WM\x9d(\xbe\xca/\xe0c\x0849\x03\x9d\x842y6\xb9\xd3-\x93\x10\x1f\xac~]o\x8b\x1f
It creates the following mutexes to ensure only one instance is running: 10A::DAAF5CC75B, DILLOCREATE, DILLOOEP, RAL3BBE6CE7, 3BBE6CE7::WK. It also contains anti-debugging code.

