Analysis by: Joachim Suico

Also known as: Adware.BrowseFox.BU (Bitdefender); AdWare.Win32.Yotoon.szt (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)

 Platform: Windows


  • Malware type:
    Adware

  • Destructive?:
    No

  • Encrypted?:
     

  • In the wild:
    Yes

  Overview


  Technical Details

File size: 285,432 bytes
File type: DLL
Memory resident: No
Initial samples received: 26 April 2015

Autostart Technique

Adds the following registry entries so that it is executed automatically at every system startup. These entries register the DLL as an in-process COM server: the file is loaded into whichever process instantiates this CLSID rather than started as a process of its own.

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32
@ = "{malware path}\{malware name}.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
@ = "{malware path}\{malware name}.dll"

Other System Modifications

Adds the following registry keys. HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\SOFTWARE\Classes (and HKEY_CURRENT_USER\Software\Classes), so the HKEY_CLASSES_ROOT entries and the HKEY_LOCAL_MACHINE\SOFTWARE\Classes entries listed below are the same keys seen through two paths:

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Programmable

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
TypeLib

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Version

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid32

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid32

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0\win32

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\FLAGS

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
HELPDIR

Adds the following registry entries:

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Default = "Manager Class"

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
InprocServer32
ThreadingModel = "Apartment"

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
TypeLib
Default = "{hex values}"

HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\
Version
Default = "1.0"

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Default = "IManager"

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
ProxyStubClsid32
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\
TypeLib
Version = "1.0"

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Default = "IMdt"

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
ProxyStubClsid32
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib
Default = "{hex values}"

HKEY_CLASSES_ROOT\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\
TypeLib
Version = "1.0"

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0
Default = "XTLSLib"

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\0\win32
Default = "{malware path}\{malware name}.dll"

HKEY_CLASSES_ROOT\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\
1.0\FLAGS
Default = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Default = "Manager Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\TypeLib
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}\Version
Default = "1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Default = "IManager"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\ProxyStubClsid32
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}\TypeLib
Version = "1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Default = "IMdt"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\ProxyStubClsid32
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
Default = "{hex values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}\TypeLib
Version = "1.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0
Default = "XTLSLib"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
0\win32
Default = "{malware path}\{malware name}.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}\1.0\
FLAGS
Default = "0"
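The following PowerShell script is an added example and is not part of the Trend Micro entry. It checks a host for the COM registration listed above, using the CLSID, interface and type-library GUIDs from this entry, resolves the registered DLL path, hashes the file if it exists, reports any process that currently has the DLL loaded, and optionally removes the keys and the file. The entry only lists HKEY_CLASSES_ROOT / HKEY_LOCAL_MACHINE\SOFTWARE\Classes; also checking the WOW6432Node (32-bit) and HKEY_CURRENT_USER views is this script's own assumption, as is the script name.

```powershell
# Find-BrowseFoxComRegistration.ps1 (added example, not Trend Micro code)
# Assumptions: the DLL may be registered in the 32-bit view (WOW6432Node) or per-user
# (HKCU); the entry itself only documents the HKCR / HKLM\SOFTWARE\Classes keys.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

# GUIDs taken from the entry above.
$Clsid      = '{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}'
$Interfaces = '{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}', '{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}'
$TypeLib    = '{A2D733A7-73B0-4C6B-B0C7-06A432950B66}'

# HKCR is a merged view of these hives; querying them directly avoids counting the same key twice.
$Roots = 'HKLM:\SOFTWARE\Classes',
         'HKLM:\SOFTWARE\WOW6432Node\Classes',   # assumption: 32-bit DLL on 64-bit Windows
         'HKCU:\Software\Classes'                 # assumption: per-user registration variant

function Get-DefaultValue([string]$Path) {
    # Returns the key's (default) value, or $null if the key or the value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue).'(default)'
}

$hits = foreach ($root in $Roots) {
    $keys = @("$root\CLSID\$Clsid", "$root\TypeLib\$TypeLib") +
            ($Interfaces | ForEach-Object { "$root\Interface\$_" })
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # The DLL path is stored under InprocServer32 (CLSID key) or 1.0\0\win32 (TypeLib key).
        $dll = Get-DefaultValue "$key\InprocServer32"
        if (-not $dll) { $dll = Get-DefaultValue "$key\1.0\0\win32" }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
        $sha256 = $null
        if ($exists) { $sha256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash }
        [pscustomobject]@{ Key = $key; Dll = $dll; Exists = $exists; Sha256 = $sha256 }
    }
}

if (-not $hits) { Write-Host 'No BrowseFox COM registration found.'; return }
$hits | Format-Table -AutoSize

# An InprocServer32 DLL runs inside whatever process instantiated the CLSID, so list the
# host processes before touching the file. Module enumeration is denied for some processes.
$dlls = $hits.Dll | Where-Object { $_ } | Select-Object -Unique
foreach ($proc in Get-Process) {
    $loaded = try { $proc.Modules | Where-Object { $dlls -contains $_.FileName } } catch { @() }
    if ($loaded) {
        Write-Warning "$($proc.ProcessName) (PID $($proc.Id)) has the DLL loaded; stop it before removal."
    }
}

if ($Remove) {
    foreach ($hit in $hits) {
        if ($PSCmdlet.ShouldProcess($hit.Key, 'Remove registry key')) {
            Remove-Item -LiteralPath $hit.Key -Recurse -Force
        }
    }
    foreach ($dll in $dlls) {
        if ((Test-Path -LiteralPath $dll) -and $PSCmdlet.ShouldProcess($dll, 'Delete file')) {
            Remove-Item -LiteralPath $dll -Force
        }
    }
}
```

Run it without arguments from an elevated prompt to report only; add `-Remove -WhatIf` to see what would be deleted, and `-Remove` to delete the keys and the DLL. Because the DLL is loaded in-process, removing the file while a host process (typically a browser) still has it mapped will fail or leave the module resident until that process exits, which is why the script names the hosts first.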