SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Dropper.A_11303
Dropper.A_11303 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • Nothing to report


Directory level activity
  • create - dir - C:\905c0769f9a06c95a24ddf945\


File level activity
  • delete - file - C:\Documents and Settings\TestMachine\Local Settings\Temp\8f224942d4af9d5414eda7db86e5fb73.exe
  • delete - file - C:\Documents and Settings\TestMachine\Local Settings\Temporary Internet Files\Content.IE5\1ORGYTCZ\Firefox%20Setup%2017.0[1].exe
  • delete - file - C:\Documents and Settings\TestMachine\My Documents\Downloads\ProcessExplorer\procexp.exe


Registry level activity
  • write - registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWinFirewall


Library level activity
  • load - library - C:\WINDOWS\system32\rpcss.dll
  • load - library - C:\WINDOWS\system32\uxtheme.dll
  • load - library - uxtheme.dll
  • load - library - OLEAUT32.DLL
  • load - library - oleaut32.dll
  • load - library - ole32.dll
  • load - library - SXS.DLL
  • load - library - USER32
  • load - library - C:\WINDOWS\system32\vb6chs.dll
  • load - library - CLBCATQ.DLL
  • load - library - KERNEL32.DLL
  • load - library - C:\WINDOWS\system32\wshom.ocx
  • load - library - C:\WINDOWS\system32\scrrun.dll


Process API calls used
  • ZwMapViewOfSection
  • VirtualProtectEx
  • NtCreateSection
  • NtFreeVirtualMemory
  • ZwMapViewOfSection


Registry API calls used
  • NtOpenKey
  • NtQueryValueKey
  • RegOpenKeyExA
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegCloseKey
  • RegCreateKeyExA
  • RegSetValueExA
  • RegCloseKey


System API calls used
  • LdrGetDllHandle
  • LdrLoadDll
  • IsDebuggerPresent
  • LdrGetProcedureAddress
  • SetWindowsHookExA
  • NtDelayExecution
  • NtDelayExecution


Filesystem API calls used
  • NtCreateFile
  • NtQueryInformationFile
  • NtSetInformationFile
  • FindFirstFileExW
  • CreateDirectoryW
  • NtReadFile
  • NtQueryDirectoryFile
  • NtOpenFile
  • DeleteFileA
  • NtReadFile

Network

UDP source >> destination
  • 192.168.30.2 >> 192.168.30.255
  • 192.168.30.254 >> 192.168.30.2


TCP source >> destination
  • 192.168.30.2 >> 192.168.30.254



Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA

DLL related data
Number of DLL's imported = 1
  • MSVBVM60.DLL

Relevant Information


© SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0