PUA.Win32.Tomos.GC
Publish Date: November 13, 2018
PUA:Win32/Somoto (Microsoft); PUA.BetterInstaller (Symantec)
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type:
Potentially Unwanted Application
Destructiveness:
No
Encrypted:
In the wild:
Yes
OVERVIEW
TECHNICAL DETAILS
File size: 201,808 bytes
File type: EXE
INITIAL SAMPLES RECEIVED DATE: November 06, 2018
Other System Modifications
It adds the following registry entries:
HKEY_CURRENT_USER\Software\Somoto\SDP
muid = "{Random Characters}"

HKEY_CURRENT_USER\Software\Somoto\SDP
uid = "{Random Characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
(Default) = URL:SDP Protocol

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
URL Protocol =

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp\shell\open\command
(Default) = "{Malware Filename\Malware File Path}" /protocol %1

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp
WarnOnOpen = 0

HKEY_CURRENT_USER\Software\Somoto\SDP
nc = {Hex Values}

HKEY_CURRENT_USER\Software\Somoto\SDP
flags = 4
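The entries above register a custom `sdp:` URL protocol whose handler is the PUA's own executable, and set `WarnOnOpen = 0` so Internet Explorer launches that handler without prompting. The following read-only PowerShell audit is an added example, not code from the Trend Micro entry or from the Somoto/BetterInstaller software; it checks only the registry paths and value names listed above and assumes nothing else about the sample. The function name `Test-SdpProtocolArtifacts` is the example's own.

```powershell
# Added example (not part of the Trend Micro entry): read-only audit for the
# registry artifacts listed above. Reports findings; changes nothing.
function Test-SdpProtocolArtifacts {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. Custom 'sdp' URL protocol class and its shell\open\command handler.
    $classKey = 'HKLM:\SOFTWARE\Classes\sdp'
    if (Test-Path -Path $classKey) {
        $props = Get-ItemProperty -Path $classKey -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Artifact = 'sdp URL protocol class'
            Path     = $classKey
            Value    = "(Default)='$($props.'(default)'); 'URL Protocol' present=$($null -ne $props.'URL Protocol')"
        }
        $cmdKey = Join-Path -Path $classKey -ChildPath 'shell\open\command'
        if (Test-Path -Path $cmdKey) {
            # The (Default) value is the command line run for every sdp: URL,
            # i.e. the executable path (plus "/protocol %1" in the entry above).
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            $findings += [pscustomobject]@{
                Artifact = 'sdp protocol handler command'
                Path     = $cmdKey
                Value    = $cmd
            }
        }
    }

    # 2. IE "allow this website to open a program?" prompt suppressed for sdp.
    $warnKey = 'HKCU:\Software\Microsoft\Internet Explorer\ProtocolExecute\sdp'
    if (Test-Path -Path $warnKey) {
        $warn = (Get-ItemProperty -Path $warnKey -ErrorAction SilentlyContinue).WarnOnOpen
        if ($warn -eq 0) {
            $findings += [pscustomobject]@{
                Artifact = 'WarnOnOpen disabled for sdp'
                Path     = $warnKey
                Value    = "WarnOnOpen=$warn"
            }
        }
    }

    # 3. Somoto SDP configuration values (muid, uid, nc, flags).
    $sdpKey = 'HKCU:\Software\Somoto\SDP'
    if (Test-Path -Path $sdpKey) {
        $p = Get-ItemProperty -Path $sdpKey -ErrorAction SilentlyContinue
        foreach ($name in 'muid', 'uid', 'nc', 'flags') {
            $v = $p.$name
            if ($null -ne $v) {
                # 'nc' is stored as binary; render it as a hex string for the report.
                if ($v -is [byte[]]) {
                    $v = ($v | ForEach-Object { $_.ToString('x2') }) -join ''
                }
                $findings += [pscustomobject]@{
                    Artifact = "Somoto SDP value '$name'"
                    Path     = $sdpKey
                    Value    = [string]$v
                }
            }
        }
    }

    return $findings
}

# Usage: run in an elevated or standard session; HKCU entries are per-user, so
# check each user profile that may have run the installer.
$results = @(Test-SdpProtocolArtifacts)
if ($results.Count -eq 0) {
    Write-Output 'No PUA.Win32.Tomos.GC registry artifacts found.'
} else {
    $results | Format-Table -AutoSize
}
```

The handler command line is the most useful finding: it points at the executable that any `sdp:` link would launch, which is what to quarantine and what to match against the sample's file size (201,808 bytes) and detection names listed above. Removing the `HKLM\SOFTWARE\Classes\sdp` tree and restoring `WarnOnOpen` are part of cleanup, but they belong to a separate, deliberate remediation step rather than to this audit.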