KoobFace Worm

Spreads through Facebook.

Creates the following files:

%windir%\bill114.exe
%windir%\bk23567.dat
%windir%\fdgg34353edfgdfdf

Creates the following keys:

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]

Creates the following values:

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = 1

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"="c:\windows\bill114.exe"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"tp" = 1000

Modifies the following values:

[HKCU\Software\Microsoft\Internet Explorer\PhishingFilter]
"ShownServiceDownBalloon"=0

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0

File: setup.exe
Size: 79360
MD5: 548F819DE41E6F3FF69885E383BDD97B
http://www.virustotal.com/file-scan/report.html?id=f2efbbb9830aa981195574f08ba6f244c01a44194d2d002f12b015d6d99ec042-1309146229

File: bill114.exe
Size: 79360
MD5: 548F819DE41E6F3FF69885E383BDD97B
http://www.virustotal.com/file-scan/report.html?id=f2efbbb9830aa981195574f08ba6f244c01a44194d2d002f12b015d6d99ec042-1309146229
