PUA_REVIVER.GA
PUP.Optional.RegistryReviver (Malwarebytes); Win64/RegistryReviver.A (ESET-NOD32)
PLATFORM:
Windows
OVER ALL RISK RATING:
DAMAGE POTENTIAL::
DISTRIBUTION POTENTIAL::
REPORTED INFECTION:
INFORMATION EXPOSURE:
Low
Medium
High
Critical
Threat Type:
Potentially Unwanted Application
Destructiveness:
No
Encrypted:
In the wild::
Yes
OVERVIEW
Puede haberlo instalado manualmente un usuario.
Este malware modifica la configuración de zona de Internet Explorer.
TECHNICAL DETAILS
File size: 10,714,056 bytes
File type: EXE
INITIAL SAMPLES RECEIVED DATE: 23 lutego 2017
Detalles de entrada
Puede haberlo instalado manualmente un usuario.
Instalación
Infiltra los archivos siguientes:
- %System Root%\257e493e-fb12-4d60-a596-554667391420.exe
- %Program Files%\ReviverSoft\Smart Monitor\msvcp100.dll
- %Program Files%\ReviverSoft\Smart Monitor\msvcr100.dll
- %Program Files%\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitor.exe
- %Program Files%\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitor.mab
- %Program Files%\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitorService.exe
- %Program Files%\ReviverSoft\Smart Monitor\ReviverSoftSmartMonitorService.mab
- %Program Files%\ReviverSoft\Smart Monitor\apps.json
- %Program Files%\ReviverSoft\Smart Monitor\SystemInfo-vc100-mt.dll
- %Program Files%\ReviverSoft\Smart Monitor\SystemInfo-vc100-mt.mab
- %Program Files%\ReviverSoft\Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.dll
- %Program Files%\ReviverSoft\Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4.dll
- %Program Files%\ReviverSoft\Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.mab
- %Program Files%\ReviverSoft\Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4.mab
- %Program Files%\ReviverSoft\Smart Monitor\Uninstall.exe
- %Program Files%\ReviverSoft\Registry Reviver\nfo
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Bulgarian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Bulgarian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Bulgarian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Croatian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Croatian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Croatian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Czech.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Czech1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Czech2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Danish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Danish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Danish2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Dutch.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Dutch1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Dutch2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\English.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\English1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\English2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Finnish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Finnish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Finnish2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\French.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\French1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\French2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\German.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\German1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\German2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Greek.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Greek1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Greek2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Hungarian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Hungarian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Hungarian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Indonesian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Indonesian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Indonesian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Italian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Italian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Italian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Japanese.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Japanese1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Japanese2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Norwegian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Norwegian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Norwegian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Polish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Polish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Polish2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Portuguese.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Portuguese1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Portuguese2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Romanian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Romanian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Romanian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Russian.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Russian1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Russian2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\SimpChinese.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\SimpChinese1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\SimpChinese2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Spanish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Spanish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Spanish2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Swedish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Swedish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Swedish2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Thai.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Thai1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Thai2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\TradChinese.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\TradChinese1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\TradChinese2
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Turkish.xml
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Turkish1
- %Program Files%\ReviverSoft\Registry Reviver\defaults\Turkish2
- %Program Files%\ReviverSoft\Registry Reviver\binary_archive_converter.exe
- %Program Files%\ReviverSoft\Registry Reviver\msvcp100.dll
- %Program Files%\ReviverSoft\Registry Reviver\msvcr100.dll
- %Program Files%\ReviverSoft\Registry Reviver\FileExtensionManager-vc100-mt.dll
- %Program Files%\ReviverSoft\Registry Reviver\RegistryReviver.exe
- %Program Files%\ReviverSoft\Registry Reviver\RegistryReviverUpdater.exe
- %Program Files%\ReviverSoft\Registry Reviver\Uninstall.exe
- %Program Files%\ReviverSoft\Registry Reviver\tray.exe
- %Program Files%\ReviverSoft\Registry Reviver\ReviverSoftSmartMonitorSetup.exe
- %ProgramData%\ReviverSoft\Registry Reviver\{SID}\Settings.xml
- %ProgramData%\ReviverSoft\Registry Reviver\CommonSettings.xml
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Uninstall.lnk
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver\Registry Reviver.lnk
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Bulgarian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Croatian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Czech.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Danish.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Dutch.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\English.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Finnish.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\French.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\German.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Greek.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Hungarian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Indonesian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Italian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Japanese.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Korean.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Norwegian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Polish.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Portuguese.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Romanian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Russian.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\SimpChinese.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Spanish.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Swedish.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Thai.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\TradChinese.xml
- %ProgramData%\ReviverSoft\Registry Reviver\Language\Turkish.xml
- %Windows%\Tasks\Start Registry Reviver for {Computer Name}@{Username}(logon).job
- %Desktop%\Registry Reviver.lnk
- %User Temp%\ns{random 1}.tmp
- %User Temp%\ns{random 2}.tmp\System.dll
- %User Temp%\ns{random 2}.tmp\ga_utility.exe
- %User Temp%\ns{random 2}.tmp\nsExec.dll
- %User Temp%\ns{random 2}.tmp\ns18A1.tmp
- %User Temp%\ns{random 2}.tmp\ioSpecial.ini
- %User Temp%\ns{random 2}.tmp\modern-wizard.bmp
- %User Temp%\ns{random 2}.tmp\nsEnvVariables.dll
- %User Temp%\ns{random 2}.tmp\InstallOptions.dll
- %User Temp%\ns{random 2}.tmp\linker.dll
- %User Temp%\ns{random 2}.tmp\nsProcess.dll
- %User Temp%\ns{random 2}.tmp\nsSessionSIDW.dll
- %User Temp%\ns{random 3}.tmp\execDos.dll
- %User Temp%\ns{random 3}.tmp\System.dll
- %User Temp%\ns{random 3}.tmp\nsProcess.dll
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).. %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).. %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Crea las carpetas siguientes:
- %Program Files%\ReviverSoft
- %Program Files%\ReviverSoft\Smart Monitor
- %Program Files%\ReviverSoft\Smart Monitor\Plugins
- %Program Files%\ReviverSoft\Registry Reviver
- %ProgramData%\ReviverSoft
- %ProgramData%\ReviverSoft\Registry Reviver
- %ProgramData%\ReviverSoft\Registry Reviver\{SID}
- %ProgramData%\ReviverSoft\Registry Reviver\Language
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\ReviverSoft
- %ProgramData%\Microsoft\Windows\Start Menu\Programs\ReviverSoft\Registry Reviver
- %User Temp%\ns{random 2}.tmp
- %User Temp%\ns{random 3}.tmp
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Otras modificaciones del sistema
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Reviver
AppDir = "%Program Files%\ReviverSoft\Registry Reviver"
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Reviver
Language = "English.xml"
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Reviver
OriginalLang = "English.xml"
Modificación de la página de inicio y de la página de búsqueda del explorador Web
Este malware modifica la configuración de zona de Internet Explorer.
SOLUTION
Minimum scan engine: 9.850
SSAPI Pattern-Datei: 1.865.00
SSAPI Pattern veröffentlicht am: 17 de sierpnia de 2017