Trojan.Win64.VICERCON.F

Data de publicação: 25 março 2025

Analisado por: John Rainier Navato

Trojan.Win64.Miner.ajht (KASPERSKY)

Plataforma:

Windows

Classificao do risco total:

Potencial de dano:

Potencial de distribuição:

infecção relatada:

Exposição das informações:

Baixo

Medium

Alto

Crítico

Tipo de grayware:
Trojan
Destrutivo:
Não
Criptografado:
Não
In the Wild:
Sim

Visão geral

Canal de infecção: Aus dem Internet heruntergeladen, Fallen gelassen von anderer Malware

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Detalhes técnicos

Tipo de compactação: 487,424 bytes

Tipo de arquivo: EXE

Residente na memória: Não

Data de recebimento das amostras iniciais: 05 dezembro 2020

Carga útil: Drops files, Connects to URLs/IPs

Übertragungsdetails

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

Erstellt die folgenden Ordner:

%Windows%\Fonts\clientdb\
%Windows%\Fonts\clientdb\ds
%Windows%\Fonts\clientdb\gt
%Windows%\Fonts\Msbuild

(Hinweis: %Windows% ist der Windows Ordner, normalerweise C:\Windows oder C:\WINNT.)

Andere Systemänderungen

Fügt die folgenden Registrierungseinträge hinzu:

HKEY_CLASSES_ROOT\SHTinfo
comment = {Hex Values}

HKEY_CURRENT_ROOT\SHTinfo
intranet = {Hex Values}

HKEY_CURRENT_ROOT\SHTinfo
notice = {Hex Values}

HKEY_CURRENT_ROOT\SHTinfo
peer = {Hex Values}

HKEY_CURRENT_ROOT\SHTinfo
tunnel = {Malware Defined Values}

HKEY_CURRENT_ROOT\SHTinfo
sha1 = {Malware Defined Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
comment = {Hex Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
intranet = {Hex Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
notice = {Hex Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
peer = {Hex Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
tunnel = {Malware Defined Values}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo
sha1 = {Malware Defined Values}

Datendiebstahl

Folgende Daten werden gesammelt:

Computer Name
Username
CPU Information
Memory Information:
- Total physical memory
- Available physical memory
- Total virtual memory
- Available virtual memory
- Total page file size
- Available page file size
Local Time

Andere Details

Fügt die folgenden Registrierungsschlüssel hinzu:

HKEY_CLASSES_ROOT\SHTinfo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SHTinfo

Es macht Folgendes:

It uses the following uncommon ports:
- 27930
It sends UDP packets to any of the following IP addresses within the network range:
- {BLOCKED}.{BLOCKED}.248.1 up to {BLOCKED}.{BLOCKED}.248.255
- {BLOCKED}.{BLOCKED}.39.1 up to {BLOCKED}.{BLOCKED}.39.255
- {BLOCKED}.{BLOCKED}.246.1 up to {BLOCKED}.{BLOCKED}.246.255
- {BLOCKED}.{BLOCKED}.4.1 up to (BLOCKED}.{BLOCKED}.4.255
- {BLOCKED}.{BLOCKED}.37.1 up to {BLOCKED}.{BLOCKED}.37.255
- {BLOCKED}.{BLOCKED}.202.1 up to {BLOCKED}.{BLOCKED}.202.255
- {BLOCKED}.{BLOCKED}.93.1 up to {BLOCKED}.{BLOCKED}.93.255
- {BLOCKED}.{BLOCKED}.186.1 up to {BLOCKED}.{BLOCKED}.{BLOCKED}.255
- {BLOCKED}.{BLOCKED}.81.1 up to {BLOCKED}.{BLOCKED}.81.255
- {BLOCKED}.{BLOCKED}.21.1 up to {BLOCKED}.{BLOCKED}.21.255
- {BLOCKED}.{BLOCKED}.39.1 up to {BLOCKED}.{BLOCKED}.39.255
- {BLOCKED}.{BLOCKED}.73.1 up to {BLOCKED}.{BLOCKED}.73.255
- {BLOCKED}.{BLOCKED}.109.1 up to {BLOCKED}.{BLOCKED}.109.255
- {BLOCKED}.{BLOCKED}.30.1 up to {BLOCKED}.{BLOCKED}.30.255
- {BLOCKED}.{BLOCKED}.201.1 up to {BLOCKED}.{BLOCKED}.201.255
- {BLOCKED}.{BLOCKED}.6.1 up to {BLOCKED}.{BLOCKED}.6.255
- {BLOCKED}.{BLOCKED}.27.1 up to {BLOCKED}.{BLOCKED}.27.255
- {BLOCKED}.{BLOCKED}.198.1 up to {BLOCKED}.{BLOCKED}.198.255
- {BLOCKED}.{BLOCKED}.137.1 up to {BLOCKED}.{BLOCKED}.137.255
- {BLOCKED}.{BLOCKED}.139.1 up to {BLOCKED}.{BLOCKED}.139.255
- {BLOCKED}.{BLOCKED}.184.1 up to {BLOCKED}.{BLOCKED}.184.255
- {BLOCKED}.{BLOCKED}.203.1 up to {BLOCKED}.{BLOCKED}.203.255
- {BLOCKED}.{BLOCKED}.17.1 up to {BLOCKED}.{BLOCKED}.17.255
- {BLOCKED}.{BLOCKED}.128.1 up to {BLOCKED}.{BLOCKED}.128.255
- {BLOCKED}.{BLOCKED}.100.1 up to {BLOCKED}.{BLOCKED}.100.255
- {BLOCKED}.{BLOCKED}.231.1 up to {BLOCKED}.{BLOCKED}.231.255
- {BLOCKED}.{BLOCKED}.51.1 up to {BLOCKED}.{BLOCKED}.51.255
- {BLOCKED}.{BLOCKED}.15.1 up to {BLOCKED}.{BLOCKED}.15.255
- {BLOCKED}.{BLOCKED}.166.1 up to {BLOCKED}.{BLOCKED}.166.255
- {BLOCKED}.{BLOCKED}.1.1 up to {BLOCKED}.{BLOCKED}.1.255
- {BLOCKED}.{BLOCKED}.145.1 up to {BLOCKED}.{BLOCKED}.145.255
- {BLOCKED}.{BLOCKED}.33.1 up to {BLOCKED}.{BLOCKED}.33.255
- {BLOCKED}.{BLOCKED}.83.1 up to {BLOCKED}.{BLOCKED}.83.255
- {BLOCKED}.{BLOCKED}.123.1 up to {BLOCKED}.{BLOCKED}.123.255
- {BLOCKED}.{BLOCKED}.58.1 up to {BLOCKED}.{BLOCKED}.58.255
- {BLOCKED}.{BLOCKED}.6.1 up to {BLOCKED}.{BLOCKED}.6.255
- {BLOCKED}.{BLOCKED}.213.1 up to {BLOCKED}.{BLOCKED}.213.255
- {BLOCKED}.{BLOCKED}.33.1 up to {BLOCKED}.{BLOCKED}.33.255
- {BLOCKED}.{BLOCKED}.168.1 up to {BLOCKED}.{BLOCKED}.168.255
- {BLOCKED}.{BLOCKED}.189.1 up to {BLOCKED}.{BLOCKED}.189.255
- {BLOCKED}.{BLOCKED}.189.1 up to {BLOCKED}.{BLOCKED}.189.255
- {BLOCKED}.{BLOCKED}.125.1 up to {BLOCKED}.{BLOCKED}.125.255
- {BLOCKED}.{BLOCKED}.121.1 up to {BLOCKED}.{BLOCKED}.121.255
- {BLOCKED}.{BLOCKED}.131.1 up to {BLOCKED}.{BLOCKED}.131.255
- {BLOCKED}.{BLOCKED}.194.1 up to {BLOCKED}.{BLOCKED}.194.255
- {BLOCKED}.{BLOCKED}.93.1 up to {BLOCKED}.{BLOCKED}.93.255
- {BLOCKED}.{BLOCKED}.112.1 up to {BLOCKED}.{BLOCKED}.112.255
- {BLOCKED}.{BLOCKED}.218.1 up to {BLOCKED}.{BLOCKED}.218.255
- {BLOCKED}.{BLOCKED}.152.1 up to {BLOCKED}.{BLOCKED}.152.255
- {BLOCKED}.{BLOCKED}.128.1 up to {BLOCKED}.{BLOCKED}.128.255
- {BLOCKED}.{BLOCKED}.235.1 up to {BLOCKED}.{BLOCKED}.235.255
- {BLOCKED}.{BLOCKED}.12.1 up to {BLOCKED}.{BLOCKED}.12.255
- {BLOCKED}.{BLOCKED}.0.1 up to {BLOCKED}.{BLOCKED}.0.255
- {BLOCKED}.{BLOCKED}.31.1 up to {BLOCKED}.{BLOCKED}.31.255
- {BLOCKED}.{BLOCKED}.56.1 up to {BLOCKED}.{BLOCKED}.56.255
- {BLOCKED}.{BLOCKED}.127.1 up to {BLOCKED}.{BLOCKED}.127.255
- {BLOCKED}.{BLOCKED}.34.1 up to {BLOCKED}.{BLOCKED}.34.255
- {BLOCKED}.{BLOCKED}.16.1 up to {BLOCKED}.{BLOCKED}.16.255
- {BLOCKED}.{BLOCKED}.168.1 up to {BLOCKED}.{BLOCKED}.168.255
- {BLOCKED}.{BLOCKED}.80.0 up to {BLOCKED}.{BLOCKED}.97.255
- {BLOCKED}.{BLOCKED}.5.0 up to {BLOCKED}.{BLOCKED}.15.255
- {BLOCKED}.{BLOCKED}.190.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.25.0 up to {BLOCKED}.{BLOCKED}.50.255
- {BLOCKED}.{BLOCKED}.1.0 up to {BLOCKED}.{BLOCKED}.25.255
- {BLOCKED}.{BLOCKED}.210.0 up to {BLOCKED}.{BLOCKED}.250.255
- {BLOCKED}.{BLOCKED}.1.0 up to {BLOCKED}.{BLOCKED}.26.255
- {BLOCKED}.{BLOCKED}.252.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.140.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.60.0 up to {BLOCKED}.{BLOCKED}.90.255
- {BLOCKED}.{BLOCKED}.90.0 up to {BLOCKED}.{BLOCKED}.115.255
- {BLOCKED}.{BLOCKED}.85.0 up to {BLOCKED}.{BLOCKED}.120.255
- {BLOCKED}.{BLOCKED}.60.0 up to {BLOCKED}.{BLOCKED}.85.255
- {BLOCKED}.{BLOCKED}.50.0 up to {BLOCKED}.{BLOCKED}.60.255
- {BLOCKED}.{BLOCKED}.140.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.150.0 up to {BLOCKED}.{BLOCKED}.175.255
- {BLOCKED}.{BLOCKED}.140.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.40.0 up to {BLOCKED}.{BLOCKED}.65.255
- {BLOCKED}.{BLOCKED}.185.0 up to {BLOCKED}.{BLOCKED}.210.255
- {BLOCKED}.{BLOCKED}.100.0 up to {BLOCKED}.{BLOCKED}.110.255
- {BLOCKED}.{BLOCKED}.230.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.200.0 up to {BLOCKED}.{BLOCKED}.225.255
- {BLOCKED}.{BLOCKED}.90.0 up to {BLOCKED}.{BLOCKED}.115.255
- {BLOCKED}.{BLOCKED}.185.0 up to {BLOCKED}.{BLOCKED}.200.255
- {BLOCKED}.{BLOCKED}.5.0 up to {BLOCKED}.{BLOCKED}.15.255
- {BLOCKED}.{BLOCKED}.120.0 up to {BLOCKED}.{BLOCKED}.150.255
- {BLOCKED}.{BLOCKED}.211.0 up to {BLOCKED}.{BLOCKED}.240.255
- {BLOCKED}.{BLOCKED}.85.0 up to {BLOCKED}.{BLOCKED}.100.255
- {BLOCKED}.{BLOCKED}.35.0 up to {BLOCKED}.{BLOCKED}.75.255
- {BLOCKED}.{BLOCKED}.50.0 up to {BLOCKED}.{BLOCKED}.60.255
- {BLOCKED}.{BLOCKED}.70.0 up to {BLOCKED}.{BLOCKED}.85.255
- {BLOCKED}.{BLOCKED}.20.0 up to {BLOCKED}.{BLOCKED}.38.255
- {BLOCKED}.{BLOCKED}.180.0 up to {BLOCKED}.{BLOCKED}.200.255
- {BLOCKED}.{BLOCKED}.140.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.90.0 up to {BLOCKED}.{BLOCKED}.110.255
- {BLOCKED}.{BLOCKED}.145.0 up to {BLOCKED}.{BLOCKED}.175.255
- {BLOCKED}.{BLOCKED}.220.0 up to {BLOCKED}.{BLOCKED}.220.255
- {BLOCKED}.{BLOCKED}.230.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.40.0 up to {BLOCKED}.{BLOCKED}.60.255
- {BLOCKED}.{BLOCKED}.185.0 up to {BLOCKED}.{BLOCKED}.200.255
- {BLOCKED}.{BLOCKED}.1.0 up to {BLOCKED}.{BLOCKED}.20.255
- {BLOCKED}.{BLOCKED}.65.0 up to {BLOCKED}.{BLOCKED}.75.255
- {BLOCKED}.{BLOCKED}.210.0 up to {BLOCKED}.{BLOCKED}.240.255
- {BLOCKED}.{BLOCKED}.75.0 up to {BLOCKED}.{BLOCKED}.90.255
- {BLOCKED}.{BLOCKED}.150.0 up to {BLOCKED}.{BLOCKED}.175.255
- {BLOCKED}.{BLOCKED}.1.0 up to {BLOCKED}.{BLOCKED}.15.255.
- {BLOCKED}.{BLOCKED}.145.0 up to {BLOCKED}.{BLOCKED}.160.255
- {BLOCKED}.{BLOCKED}.150.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.230.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.25.0 up to {BLOCKED}.{BLOCKED}.55.255
- {BLOCKED}.{BLOCKED}.50.0 up to {BLOCKED}.{BLOCKED}.80.255
- {BLOCKED}.{BLOCKED}.85.0 up to {BLOCKED}.{BLOCKED}.115.255
- {BLOCKED}.{BLOCKED}.10.0 up to {BLOCKED}.{BLOCKED}.30.255
- {BLOCKED}.{BLOCKED}.155.0 up to {BLOCKED}.{BLOCKED}.175.255
- {BLOCKED}.{BLOCKED}.165.0 up to {BLOCKED}.{BLOCKED}.185.255
- {BLOCKED}.{BLOCKED}.230.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.85.0 up to {BLOCKED}.{BLOCKED}.105.255
- {BLOCKED}.{BLOCKED}.110.0 up to {BLOCKED}.{BLOCKED}.130.255
- {BLOCKED}.{BLOCKED}.180.0 up to {BLOCKED}.{BLOCKED}.210.255
- {BLOCKED}.{BLOCKED}.155.0 up to {BLOCKED}.{BLOCKED}.180.255
- {BLOCKED}.{BLOCKED}.60.0 up to {BLOCKED}.{BLOCKED}.70.255
- {BLOCKED}.{BLOCKED}.155.0 up to {BLOCKED}.{BLOCKED}.180.255
- {BLOCKED}.{BLOCKED}.152.0 up to {BLOCKED}.{BLOCKED}.175.255
- {BLOCKED}.{BLOCKED}.130.0 up to {BLOCKED}.{BLOCKED}.165.255
- {BLOCKED}.{BLOCKED}.210.0 up to {BLOCKED}.{BLOCKED}.245.255
- {BLOCKED}.{BLOCKED}.220.0 up to {BLOCKED}.{BLOCKED}.255.255
- {BLOCKED}.{BLOCKED}.1.0 up to {BLOCKED}.{BLOCKED}.25.255
- {BLOCKED}.{BLOCKED}.170.0 up to {BLOCKED}.{BLOCKED}.180.255
- {BLOCKED}.{BLOCKED}.40.0 up to {BLOCKED}.{BLOCKED}.70.255
- {BLOCKED}.{BLOCKED}.45.0 up to {BLOCKED}.{BLOCKED}.65.255
- {BLOCKED}.{BLOCKED}.25.0 up to {BLOCKED}.{BLOCKED}.50.255
- {BLOCKED}.{BLOCKED}.190.0 up to {BLOCKED}.{BLOCKED}.200.255
It searches and gather data found in the following files:
- C:\1f.txt
- C:\1i.txt
- C:\1p.txt
- C:\windows\1f.txt
- C:\windows\1i.txt
- C:\windows\1p.txt
- D:\1f.txt
- D:\1i.txt
- D:\1p.txt
- E:\1f.txt
- E:\1i.txt
- E:\1p.txt

Solução

Mecanismo de varredura mínima: 9.850

Primeiro arquivo padrão VSAPI: 19.978.05

Data do lançamento do primeiro padrão VSAPI: 24 março 2025

VSAPI OPR Pattern Version: 19.979.00

VSAPI OPR Pattern veröffentlicht am: 25 março 2025

Step 1

Für Windows ME und XP Benutzer: Stellen Sie vor einer Suche sicher, dass die Systemwiederherstellung deaktiviert ist, damit der gesamte Computer durchsucht werden kann.

Step 2

<p> Beachten Sie, dass nicht alle Dateien, Ordner, Registrierungsschlüssel und Einträge auf Ihrem Computer installiert sind, während diese Malware / Spyware / Grayware ausgeführt wird. Dies kann auf eine unvollständige Installation oder andere Betriebssystembedingungen zurückzuführen sein. Fahren Sie mit dem nächsten Schritt fort. </ p><p> Beachten Sie, dass nicht alle Dateien, Ordner, Registrierungsschlüssel und Einträge auf Ihrem Computer installiert sind, während diese Malware / Spyware / Grayware ausgeführt wird. Dies kann auf eine unvollständige Installation oder andere Betriebssystembedingungen zurückzuführen sein. Fahren Sie mit dem nächsten Schritt fort. </ p>

Step 3

Durchsuchen Sie Ihren Computer mit Ihrem Trend Micro Produkt, und löschen Sie Dateien, die als Trojan.Win64.VICERCON.F entdeckt werden. Falls die entdeckten Dateien bereits von Ihrem Trend Micro Produkt gesäubert, gelöscht oder in Quarantäne verschoben wurden, sind keine weiteren Schritte erforderlich. Dateien in Quarantäne können einfach gelöscht werden. Auf dieser Knowledge-Base-Seite finden Sie weitere Informationen.

Step 4

Diesen Registrierungsschlüssel löschen

[ Saber mais ]

Wichtig: Eine nicht ordnungsgemäße Bearbeitung der Windows Registrierung kann zu einer dauerhaften Fehlfunktion des Systems führen. Führen Sie diesen Schritt nur durch, wenn Sie mit der Vorgehensweise vertraut sind oder wenn Sie Ihren Systemadministrator um Unterstützung bitten können. Lesen Sie ansonsten zuerst diesen Microsoft Artikel, bevor Sie die Registrierung Ihres Computers ändern.

In HKEY_CLASSES_ROOT\SHTinfo
In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SHTinfo

Step 5

Diesen Ordner suchen und löschen

[ Saber mais ]

Aktivieren Sie unbedingt das Kontrollkästchen Versteckte Elemente durchsuchen unter Weitere erweiterte Optionen, um alle verborgenen Ordner in den Suchergebnissen zu berücksichtigen.

%Windows%\Fonts\clientdb\ds
%Windows%\Fonts\clientdb\gt
%Windows%\Fonts\clientdb\
%Windows%\Fonts\Msbuild

Participe da nossa pesquisa!

Trojan.Win64.VICERCON.F

Visão geral

Detalhes técnicos

Solução

Recursos

Suporte

Sobre a Trend

Trojan.Win64.VICERCON.F

Visão geral

Detalhes técnicos

Solução

Recursos

Suporte

Sobre a Trend

Américas

Oriente Médio & África

Europa

Ásia&Pacífico