SonicALERT
Sonicwall Signatures



GenDownloader.AMM_4
GenDownloader.AMM_4 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • Nothing to report


Directory level activity
  • create - dir - C:\WINDOWS\Temp


File level activity
  • write - file - C:\WINDOWS\Temp\Star Wars Episode 2 - Attack Of The Clones Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\Jenna Jameson - Built For Speed Downloader.exe
  • write - file - C:\WINDOWS\Temp\[DiVX] Lord of The Rings Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\CKY3 - Bam Margera World Industries Alien Workshop Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\Cat Attacks Child Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\PS1 Boot Disc Full Dwonloader.exe
  • write - file - C:\WINDOWS\Temp\Sony Play station boot disc - Downloader.exe
  • write - file - C:\WINDOWS\Temp\How To Hack Websites.exe
  • write - file - C:\WINDOWS\Temp\AIM Account Stealer Downloader.exe
  • write - file - C:\WINDOWS\Temp\MSN Password Hacker and Stealer.exe
  • write - file - C:\WINDOWS\Temp\Hacking Tool Collection.exe
  • write - file - C:\WINDOWS\Temp\Windows XP Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\Macromedia Flash 5.0 Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\DSL Modem Uncapper.exe
  • write - file - C:\WINDOWS\Temp\Internet and Computer Speed Booster.exe
  • write - file - C:\WINDOWS\Temp\ZoneAlarm Firewall Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\Borland Delphi 6 Key Generator.exe
  • write - file - C:\WINDOWS\Temp\ScaryMovie 2 Full Downloader.exe
  • write - file - C:\WINDOWS\Temp\StarWars2 - CloneAttack - FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\Spiderman FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\Shakira FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\Gladiator FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\AikaQuest3Hentai FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\MoviezChannelsInstaler.exe
  • write - file - C:\WINDOWS\Temp\Zidane-ScreenInstaler.exe
  • write - file - C:\WINDOWS\Temp\LordOfTheRings-FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\SIMS FullDownloader.exe
  • write - file - C:\WINDOWS\Temp\Britney spears nude.exe
  • write - file - C:\WINDOWS\Temp\Quake 4 BETA.exe
  • write - file - C:\WINDOWS\Temp\Windows XP key generator.exe
  • write - file - C:\WINDOWS\Temp\Windows XP serial generator.exe
  • write - file - C:\WINDOWS\Temp\Xbox.info.exe
  • write - file - C:\WINDOWS\Temp\DivX.exe
  • write - file - C:\WINDOWS\Temp\GTA3 crack.exe
  • write - file - C:\WINDOWS\Temp\Battle.net key generator (WORKS!!).exe
  • write - file - C:\WINDOWS\Temp\Warcraft 3 battle.net serial generator.exe
  • write - file - C:\WINDOWS\Temp\Half-life WON key generator.exe
  • write - file - C:\WINDOWS\Temp\Star wars episode 2 downloader.exe
  • write - file - C:\WINDOWS\Temp\Winzip 8.0 serial.exe
  • write - file - C:\WINDOWS\Temp\Winrar crack.exe
  • write - file - C:\WINDOWS\Temp\Key generator for all windows XP versions.exe
  • write - file - C:\WINDOWS\Temp\Warcraft 3 ONLINE key generator.exe
  • write - file - C:\WINDOWS\Temp\Half-life ONLINE key generator.exe
  • write - file - C:\WINDOWS\Temp\Grand theft auto 3 CD1 crack.exe
  • write - file - C:\WINDOWS\Temp\Macromedia key generator (all products).exe
  • write - file - C:\WINDOWS\Temp\KaZaA media desktop v2.0 UNOFFICIAL.exe
  • write - file - C:\WINDOWS\Temp\Microsoft key generator, works for ALL microsoft products!!.exe
  • write - file - C:\WINDOWS\Temp\Microsoft Windows XP crack pack.exe
  • write - file - C:\WINDOWS\Temp\Hack into any computer!!.exe


Registry level activity
  • Nothing to report


Library level activity
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\7e2447113d31cd41f5ffbf8cccb5f4ca.ENU
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\7e2447113d31cd41f5ffbf8cccb5f4ca.EN
  • load - library - kernel32.dll


Process API calls used
  • ExitProcess


Registry API calls used
  • RegOpenKeyExA
  • RegCreateKeyExA
  • RegCloseKey
  • RegOpenKeyExA


System API calls used
  • LdrGetDllHandle
  • LdrGetProcedureAddress


Filesystem API calls used
  • CreateDirectoryW
  • CopyFileA
  • FindFirstFileExW
  • NtCreateFile
  • NtQueryInformationFile
  • NtSetInformationFile
  • NtWriteFile
  • CopyFileA


Network

UDP source >> destination
  • 192.168.30.2 >> 192.168.30.255
  • 192.168.30.254 >> 192.168.30.2


TCP source >> destination
  • 192.168.30.2 >> 192.168.30.254


Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA


DLL related data
Number of DLLs imported = 10
  • KERNEL32.DLL
  • KERNEL32.DLL
  • KERNEL32.DLL
  • KERNEL32.DLL
  • advapi32.dll
  • advapi32.dll
  • oleaut32.dll
  • oleaut32.dll
  • user32.dll
  • user32.dll


Relevant Information