Analyse von: Pearl Charlaine Espejo   
 

Trojan.Win32.Septic.a (Kaspersky); Trojan.Win32.Septic.irdi (NANO-Antivirus); W32/Septic.A!tr (Fortinet); Adware.SideSearch (Symantec); Application.Win32.Adware.SideSearch (Comodo)

 Plattform:

Windows

 Risikobewertung (gesamt):
 Schadenspotenzial::
 Verteilungspotenzial::
 reportedInfection:
 Trend Micro Lösungen:
Niedrig
Mittel
Hoch
Kritisch

  • Malware-Typ:
    Adware

  • Zerstrerisch?:
    Nein

  • Verschlsselt?:
     

  • In the wild::
    Ja

  Überblick

Wird als eine Komponente eines Malware-/Grayware-/Spyware-Pakets übertragen.

  Technische Details

Dateigröße: 184,325 bytes
Dateityp: DLL
Speicherresiden: Nein
Erste Muster erhalten am: 07 März 2015

Übertragungsdetails

Wird als eine Komponente eines Malware-/Grayware-/Spyware-Pakets übertragen.

Andere Systemänderungen

Fügt die folgenden Registrierungsschlüssel hinzu:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}

Fügt die folgenden Registrierungseinträge hinzu:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID
= "Sep.Band"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID
= "Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32
ThreadingModel = "Free"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\
0\win32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}
= "IBand"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}
= "ISepSearch"