SonicALERT

Sonicwall Signatures

 



  Fokin.CU
Fokin.CU is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers. Fokin.CU is compressed using an executable packer and its file size is 155,648 bytes.

It uses the network connection as follows:
  • Downloads file from http://www.foxking.cn/ao/a806.txt as c:\WINDOWS\systemst.dll.

Fokin.CU drops the following files on the hard drive:

  • e:\Autorun.inf (99 bytes)
  • E:\qxNuj.exe (155648 bytes)
  • C:\WINDOWS\msnlive.dll (1 bytes)
  • C:\WINDOWS\sample.exe (155648 bytes)
It also changes the Windows registry:
  • Sets value "NoDriveTypeAutoRun"="\x95" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer".
It creates the following mutex to ensure that only one instance is running: sfaee5353g#2007. It is also executed every time Windows starts.

