Analysis by: Pearl Charlaine Espejo

 Alias

Trojan.Win32.Septic.a (Kaspersky); Trojan.Win32.Septic.irdi (NANO-Antivirus); W32/Septic.A!tr (Fortinet); Adware.SideSearch (Symantec); Application.Win32.Adware.SideSearch (Comodo)

 Platform:

Windows

 Overall risk rating:
 Damage potential:
 Distribution potential:
 Reported infection:
 Information exposure:
(Rating scale: Low / Medium / High / Critical; the individual ratings were rendered graphically and are not present in the extracted text.)

  • Malware type
    Adware

  • Destructive?
    No

  • Encrypted
     

  • In the Wild:

  Summary and description

Arrives as a component bundled with malware/grayware/spyware packages.

  Technical details

File size: 184,325 bytes
File type: DLL
Memory resident: No
Initial samples received on: 07 March 2015

Arrival details

Arrives as a component bundled with malware/grayware/spyware packages.

Other system modifications

Adds the following registry keys as part of its installation routine. The Classes\CLSID, ProgID, TypeLib and Interface keys register the DLL as a COM in-process server; the Browser Helper Objects key is what causes Internet Explorer to load that DLL into each browser process at startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}

Adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID
= "Sep.Band"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID
= "Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32
ThreadingModel = "Free"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\
0\win32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}
= "IBand"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}
= "ISepSearch"
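The registrations above are the indicators an analyst would hunt for on a suspect host. The script below is an added example for this page, not part of the original analysis: it triages the text of a registry export (for instance one produced with `reg export HKLM\SOFTWARE hklm_software.reg` and decoded from UTF-16LE), lists every CLSID hooked under the Browser Helper Objects key together with the DLL its InprocServer32 entry points at, and flags the two CLSIDs documented here. It runs offline on the text of the export, never on a live registry. `SAMPLE_REG` is a constructed export: the CLSIDs, ProgIDs and the BHO hook come from the analysis, while the DLL paths and the third, unrelated BHO are made up for illustration.

```python
"""Triage a .reg export for the Septic COM/BHO registrations.

Example code added to this analysis (not part of the original write-up).
SAMPLE_REG is a constructed export; only the CLSIDs, ProgIDs and the
Browser Helper Objects hook are taken from the analysis above.
"""
import re

# CLSIDs documented in the analysis; both InprocServer32 entries point at the same DLL.
KNOWN_CLSIDS = {
    "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}": "Sep.Band (Band Class, loaded as a BHO)",
    "{C30793AF-14B2-4300-8B5D-4BFA3987050E}": "Sep.Search (Search Class)",
}
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLASSES_CLSID = r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID"
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Constructed sample export (DLL paths and the {AAAAAAAA-...} BHO are made up).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band.1]
@="Band Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Sep.Band.1\CLSID]
@="{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32]
@="C:\\Users\\Public\\SepBand.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32]
@="C:\\Users\\Public\\SepBand.dll"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\Program Files\\Vendor\\legit.dll"
"""


def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg text.
    Quoted (REG_SZ) values have their doubled backslashes unescaped;
    other value types are kept as raw text. '@' is a key's default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name.strip().strip('"')
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace("\\\\", "\\")
        keys[current][name] = value
    return keys


def triage(text):
    """One finding per CLSID of interest: every CLSID hooked under the Browser
    Helper Objects key (IE loads its InprocServer32 DLL into each browser
    process), plus any known Septic CLSID registered without the hook."""
    keys = {path.upper(): values for path, values in parse_reg(text).items()}
    hooked = set()
    for path in keys:
        if path.startswith(BHO_KEY.upper() + "\\"):
            match = CLSID_RE.search(path)
            if match:
                hooked.add(match.group(0).upper())
    findings = []
    for clsid in sorted(hooked | set(KNOWN_CLSIDS)):
        server_key = f"{CLASSES_CLSID}\\{clsid}\\INPROCSERVER32"
        if clsid not in hooked and server_key not in keys:
            continue  # known CLSID is simply absent from this export
        server = keys.get(server_key, {})
        findings.append({
            "clsid": clsid,
            "bho": clsid in hooked,
            "known": clsid in KNOWN_CLSIDS,
            "label": KNOWN_CLSIDS.get(clsid, "unknown BHO: review the DLL manually"),
            "dll": server.get("@"),
            "threading": server.get("ThreadingModel"),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        flag = "KNOWN" if f["known"] else "unknown"
        print(f"{flag:7} bho={str(f['bho']):5} {f['clsid']} {f['dll']}  {f['label']}")
```

Every BHO is reported, not only the two known CLSIDs, because the DLL path is what the analyst should verify: a BHO whose server lives under a user-writable directory (as in the constructed sample) deserves a look even when its CLSID is not on any list. The Search class is reported separately since it is registered as an ordinary COM server without the BHO hook and would otherwise be missed.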