SonicALERT

Sonicwall Signatures



Dropper.A_10660
Dropper.A_10660 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • SamaelLovesMe


Directory level activity
  • create - dir - C:\.Trash-100
  • create - dir - C:\.Trash-100\db\
  • create - dir - C:\.Trash-100\db\


File level activity
  • delete - file - version
  • write - file - C:\.Trash-100\db\version
  • delete - file - framework_exe
  • write - file - C:\.Trash-100\db\framework_exe
  • write - file - C:\.Trash-100\ActivateDesktop.exe
  • delete - file - C:\.Trash-100\registry_tool.exe


Registry level activity
  • Nothing to report


Library level activity
  • load - library - kernel32.dll
  • load - library - kernel32.dll


Process API calls used
  • NtCreateSection
  • ZwMapViewOfSection
  • NtFreeVirtualMemory
  • CreateProcessInternalW
  • ExitProcess


Registry API calls used
  • Nothing to report


System API calls used
  • LdrGetDllHandle
  • LdrGetProcedureAddress
  • LdrGetProcedureAddress


Filesystem API calls used
  • NtWriteFile
  • NtCreateFile
  • CreateDirectoryW
  • NtOpenFile
  • NtSetInformationFile
  • DeleteFileA
  • NtQueryInformationFile
  • NtReadFile
  • NtCreateFile


Network

UDP source >> destination
  • 192.168.30.5 >> 8.8.8.8


TCP source >> destination
  • 192.168.30.5 >> 87.240.129.179


Domains:
  • s1039196-29777.pa.infobox.ru with IP -
  • api.vk.com with IP - 87.240.129.177


DNS Request:
  • s1039196-29777.pa.infobox.ru
  • api.vk.com


HTTP Request:
  • GET URI - http://api.vk.com/method/wall.get.xml
  • GET URI - http://api.vk.com/method/wall.get.xml
  • GET URI - http://api.vk.com/method/wall.get.xml
  • GET URI - http://api.vk.com/method/wall.get.xml
  • GET URI - http://api.vk.com/method/wall.get.xml

DLL related data
Number of DLLs imported = 5
  • KERNEL32.dll
  • USER32.dll
  • ole32.dll
  • OLEAUT32.dll
  • WS2_32.dll


Relevant Information