Analyzed by: Adrian Cofreros

 Platform:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 Overall risk rating:
 Damage potential:
 Distribution potential:
 Reported infection:
 Information exposure:
(rating scale: Low, Medium, High, Critical)

  • Grayware type:
    Backdoor

  • Destructive:
    No

  • Encrypted:
     

  • In the Wild:
    Yes

  Overview

Runs and then deletes itself.

  Technical details

File size: 208,896 bytes
File type: EXE
Initial samples received: 23 February 2013

Installation

Drops the following files:

  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\GoogleUpdate.exe
  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\@
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\GoogleUpdate.exe
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\@

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

Creates the following folders:

  • %AppDataLocal%\Google\Desktop
  • %AppDataLocal%\Google\Desktop\Install
  • %AppDataLocal%\Google\Desktop\Install\{GUID}
  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}
  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}
  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\U
  • %AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\L
  • %Program Files%\Google\Desktop
  • %Program Files%\Google\Desktop\Install
  • %Program Files%\Google\Desktop\Install\{GUID}
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\U
  • %Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path}\{GUID}\L

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

Runs and then deletes itself.

Other System Modifications

Adds the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug\Parameters

Adds the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Google Update = "%AppDataLocal%\Google\Desktop\Install\{GUID}\{incomprehensible path 1}\{GUID}\GoogleUpdate.exe<"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
Description = "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
DisplayName = "Google Update Service (gupdate)"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
ErrorControl = "0"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
ImagePath = ""%Program Files%\Google\Desktop\Install\{GUID}\{incomprehensible path 1}\{GUID}\GoogleUpdate.exe" <"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
ObjectName = "LocalSystem"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
Start = "2"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug
Type = "16"

HKEY_LOCAL_MACHINE\SYSTEM\{CurrentControlSet}\
Services\{box character}etadpug\Parameters
Parameters = "176"
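The entries above give a responder three usable signals: the service key name is "gupdate" spelled backwards behind a non-ASCII box character, while its DisplayName is copied verbatim from the genuine Google Update service; the Run value and the service ImagePath both point into a Google\Desktop\Install tree where Google Update is never installed; and both paths carry a stray "<" after the executable. The script below is an added example, not part of this encyclopedia entry, that applies those indicators to registry values and file paths already pulled from a host (for instance a `reg export` parsed into (key, value name, data) triples and a directory listing). Everything in its sample data is constructed for illustration: the "█" (U+2588) stands in for the entry's unspecified "{box character}", the `{GUID}` and `{incomprehensible path}` segments are kept as the entry's placeholders, and the benign `gupdate` control entries are my assumption of what a legitimate Google Update install looks like, included so the checks can be seen not to fire on it.

```python
"""Triage check for the persistence artifacts listed in this entry (added example).

Runs offline on registry values and file paths already exported from a host.
All sample data below is constructed for illustration, not captured from a machine.
"""
import re
import unicodedata
from typing import Dict, List, Optional, Tuple

# Genuine Google Update lives under ...\Google\Update\; nothing legitimate
# installs GoogleUpdate.exe under Google\Desktop\Install.
DROP_DIR = re.compile(r"\\Google\\Desktop\\Install\\", re.IGNORECASE)
# Both the Run value and the service ImagePath end with a stray '<' argument.
TRAILING_ARG = re.compile(r'GoogleUpdate\.exe"?\s*[<>]\s*$', re.IGNORECASE)
SERVICES_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)",
    re.IGNORECASE,
)
# DisplayName copied from the real Google Update service, whose key name is 'gupdate'.
SPOOFED_DISPLAY_NAME = "Google Update Service (gupdate)"
DROP_FILE = re.compile(r"\\Google\\Desktop\\Install\\.+\\(GoogleUpdate\.exe|@)$", re.IGNORECASE)
DROP_SUBDIR = re.compile(r"\\Google\\Desktop\\Install\\.+\\[UL]$", re.IGNORECASE)


def check_registry_value(key: str, name: str, data: str) -> List[str]:
    """Reasons why one (key, value name, data) triple matches the indicators; empty if clean."""
    reasons = []
    if key.lower().endswith(r"\currentversion\run") and name == "Google Update" and DROP_DIR.search(data):
        reasons.append("Run value 'Google Update' points into Google\\Desktop\\Install")
    m = SERVICES_KEY.match(key)
    if m:
        svc = m.group(2)
        # The rogue service key is 'gupdate' reversed behind a non-ASCII box character.
        if any(not c.isascii() or unicodedata.category(c).startswith("C") for c in svc):
            reasons.append(f"service key name {svc!r} contains a non-ASCII or control character")
        if name.lower() == "displayname" and data == SPOOFED_DISPLAY_NAME and svc.lower() != "gupdate":
            reasons.append(f"DisplayName claims to be gupdate but the service key is {svc!r}")
        if name.lower() == "imagepath" and DROP_DIR.search(data):
            reasons.append("service ImagePath points into Google\\Desktop\\Install")
    if TRAILING_ARG.search(data):
        reasons.append("GoogleUpdate.exe path is followed by a stray '<' or '>' argument")
    return reasons


def scan_registry(values: List[Tuple[str, str, str]]) -> Dict[Tuple[str, str], List[str]]:
    """Map (key, value name) -> reasons for every value that trips at least one indicator."""
    hits = {}
    for key, name, data in values:
        reasons = check_registry_value(key, name, data)
        if reasons:
            hits[(key, name)] = reasons
    return hits


def check_path(path: str) -> Optional[str]:
    """Classify a file-system path against the dropped files and folders in the entry."""
    if DROP_FILE.search(path):
        return "dropped GoogleUpdate.exe or '@' file under Google\\Desktop\\Install"
    if DROP_SUBDIR.search(path):
        return "'U' or 'L' payload folder under Google\\Desktop\\Install"
    return None


def scan_paths(paths: List[str]) -> Dict[str, str]:
    hits = {}
    for p in paths:
        reason = check_path(p)
        if reason:
            hits[p] = reason
    return hits


# ---- constructed sample data (assumptions, not captured values) ----------------
BOX = "\u2588"  # stand-in for the entry's "{box character}"; the real code point is not given
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
ROGUE_SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\" + BOX + "etadpug"
REAL_SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate"  # assumed benign control
TAIL = r"{GUID}\{incomprehensible path}\{GUID}"  # placeholders kept from the entry
APPDATA_EXE = r"C:\Users\alice\AppData\Local\Google\Desktop\Install" + "\\" + TAIL + r"\GoogleUpdate.exe"
PF_EXE = r"C:\Program Files\Google\Desktop\Install" + "\\" + TAIL + r"\GoogleUpdate.exe"

SAMPLE_REGISTRY = [
    (RUN_KEY, "Google Update", APPDATA_EXE + "<"),
    (ROGUE_SVC, "DisplayName", SPOOFED_DISPLAY_NAME),
    (ROGUE_SVC, "ImagePath", f'"{PF_EXE}" <'),
    (ROGUE_SVC, "ObjectName", "LocalSystem"),
    (ROGUE_SVC, "Start", "2"),
    # Benign control: assumed shape of a genuine Google Update service; must not fire.
    (REAL_SVC, "DisplayName", SPOOFED_DISPLAY_NAME),
    (REAL_SVC, "ImagePath", r'"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc'),
]
SAMPLE_PATHS = [
    APPDATA_EXE,
    r"C:\Users\alice\AppData\Local\Google\Desktop\Install" + "\\" + TAIL + r"\@",
    r"C:\Program Files\Google\Desktop\Install" + "\\" + TAIL + r"\U",
    r"C:\Program Files\Google\Desktop\Install" + "\\" + TAIL + r"\L",
    r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",  # benign
]

if __name__ == "__main__":
    for (key, name), reasons in scan_registry(SAMPLE_REGISTRY).items():
        print(f"[registry] {key} :: {name}")
        for r in reasons:
            print(f"    - {r}")
    for path, reason in scan_paths(SAMPLE_PATHS).items():
        print(f"[file] {path}\n    - {reason}")
```

The DisplayName check is the one worth keeping even if the drop paths change: the display name is identical to the legitimate service's, so only comparing it against the actual service key name exposes the impersonation. The non-ASCII check reports every value under the rogue key, which is intended, since the key itself is the artifact to remove.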