Sonicwall Signatures


Sabsik.FL_60
Sabsik.FL_60 is a Virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.

Mutexes created
  • Nothing to report

Directory level activity
  • Nothing to report

File level activity
  • write - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\jnduf.bat
  • write - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\jnduf~.tmp
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Start.bat
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\6e1b9c5bdd8b92f9c801c4f6cc62a632.bin
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\jnduf~.tmp
  • delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\jnduf.bat

Registry level activity
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\AssociationsModRiskFileTypes

Library level activity
  • load - library - KERNEL32
  • load - library - kernel32.dll
  • load - library - Ntdll.dll
  • load - library - C:\gxrhj\dll\jCUQWZ.dll
  • load - library - KERNEL32.DLL
  • load - library - ADVAPI32.dll
  • load - library - advapi32
  • load - library - mscoree.dll
  • load - library - gpupdate
  • load - library - mscoree.dll

Process API calls used
  • NtFreeVirtualMemory
  • CreateProcessInternalW
  • WriteProcessMemory
  • ExitProcess

Registry API calls used
  • Nothing to report

System API calls used
  • LdrGetDllHandle
  • LdrGetProcedureAddress
  • LdrLoadDll
  • LdrGetProcedureAddress

Filesystem API calls used
  • CopyFileA
  • NtOpenFile
  • NtQueryInformationFile
  • NtCreateFile
  • NtWriteFile
  • NtSetInformationFile
  • NtWriteFile

Network

UDP source >> destination
  • 192.168.30.254 >> 192.168.30.6
  • 192.168.30.6 >> 192.168.30.255

TCP source >> destination
  • Nothing to report

Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA
DLL related data
Number of DLLs imported = 0
  • Nothing to report

Relevant Information