Author: Pearl Charlaine Espejo   

ALIASES:

Trojan.Win32.Septic.a (Kaspersky); Trojan.Win32.Septic.irdi (NANO-Antivirus); W32/Septic.A!tr (Fortinet); Adware.SideSearch (Symantec); Application.Win32.Adware.SideSearch (Comodo)

 PLATFORM:

Windows


  • Threat Type:
    Adware

  • Destructiveness:
    No

  • Encrypted:

  • In the wild:
    Yes

  OVERVIEW

It arrives as a component bundled with malware/grayware/spyware packages.

  TECHNICAL DETAILS

File size: 184,325 bytes
File type: DLL
Memory resident: No
INITIAL SAMPLES RECEIVED DATE: 07 March 2015

Arrival Details

It arrives as a component bundled with malware/grayware/spyware packages.

Other System Modifications

It adds the following registry keys as part of its installation routine:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}

It adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band.1\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CLSID
= "{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Band\CurVer
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
= "Band Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\ProgID
= "Sep.Band.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\VersionIndependentProgID
= "Sep.Band"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\InprocServer32
ThreadingModel = "Apartment"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search.1\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CLSID
= "{C30793AF-14B2-4300-8B5D-4BFA3987050E}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Sep.Search\CurVer
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}
= "Search Class"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\ProgID
= "Sep.Search.1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\VersionIndependentProgID
= "Sep.Search"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\InprocServer32
ThreadingModel = "Free"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C30793AF-14B2-4300-8B5D-4BFA3987050E}\TypeLib
= "{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}\1.0\
0\win32
= "{malware path and filename}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}
= "IBand"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF286CEA-635D-40C5-A891-B40A0F520539}
= "ISepSearch"
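As an added defender-side check (example code, not part of the original advisory): a read-only PowerShell audit that reports which of the registry keys listed above exist on a host and which DLL each CLSID's InprocServer32 entry resolves to, so the BHO registration can be confirmed before removal. The WOW6432Node root is an assumption covering a 32-bit DLL on 64-bit Windows.

```powershell
# Added audit check (example only, not part of the original advisory): reports
# whether the registry artifacts listed above are present on this host.
# Read-only; it removes nothing. Run from an elevated prompt so HKLM is readable.
# GUIDs and ProgIDs are those given in the advisory. The WOW6432Node root is an
# assumption: a 32-bit DLL on 64-bit Windows registers under that mirror.

$clsids = @(
    '{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}',  # Sep.Band   (Band Class, registered as a BHO)
    '{C30793AF-14B2-4300-8B5D-4BFA3987050E}'   # Sep.Search (Search Class)
)
$progIds    = 'Sep.Band', 'Sep.Band.1', 'Sep.Search', 'Sep.Search.1'
$typeLib    = '{4E627A1E-BC4B-4FAF-8DE8-1D9A54D37DA3}'
$interfaces = '{3A951AF0-53F8-4803-A565-0E1DEE4B11F5}', '{AF286CEA-635D-40C5-A891-B40A0F520539}'
$roots      = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Key, [string]$Note) {
    $findings.Add([pscustomobject]@{ Key = $Key; Note = $Note })
}

foreach ($root in $roots) {
    # 1. BHO registration: the key Internet Explorer consults when loading add-ons.
    foreach ($id in $clsids) {
        $bho = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$id"
        if (Test-Path $bho) { Add-Finding $bho 'BHO registered' }
    }
    # 2. COM class registration and the DLL it loads (InprocServer32 default value).
    foreach ($id in $clsids) {
        $cls = "$root\Classes\CLSID\$id"
        if (-not (Test-Path $cls)) { continue }
        $srv = Get-ItemProperty -Path "$cls\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { '<no InprocServer32>' }
        Add-Finding $cls "InprocServer32 -> $dll"
    }
    # 3. ProgID, Interface and TypeLib keys from the advisory.
    foreach ($p in $progIds)    { $k = "$root\Classes\$p";           if (Test-Path $k) { Add-Finding $k 'ProgID present' } }
    foreach ($i in $interfaces) { $k = "$root\Classes\Interface\$i"; if (Test-Path $k) { Add-Finding $k 'Interface present' } }
    $tl = "$root\Classes\TypeLib\$typeLib"
    if (Test-Path $tl) { Add-Finding $tl 'TypeLib present' }
}

if ($findings.Count -eq 0) { 'No SideSearch registry artifacts found.' }
else { $findings | Format-Table -AutoSize }
```

The InprocServer32 path it prints is the DLL to hash and submit for scanning; the advisory gives that path only as "{malware path and filename}".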