Name: Trojan.Reaver
Issued: 2017.11.15 (Wed)
Type: Trojan
Risk level: Low (★☆☆☆☆)
Affected system: Windows
Main symptom: Performs malicious activity

Infection Length: Varies
Systems Affected: Windows

Trojan.Reaver is a Trojan horse that may perform malicious activities on the compromised computer.

=====

Once executed, the Trojan creates the following files:
• %Temp%\winhelp.dat
• %Temp%\~Update.lnk
• %CommonProgramFiles%\Services\winhelp.dat
• %CommonProgramFiles%\Services\winhelp.cpl
• %AppData%\microsoft\mmc\winhelp.dat
• %AppData%\microsoft\mmc\winhelp.cpl
• %AppData%\Random_name\updata.log
• %AppData%\Random_name\sppsvc.exe
• %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\dwm.lnk
• %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sppsvc.lnk

The Trojan creates the following registry entries:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters\"ServiceDll" = "%CommonProgramFiles%\Services\winhelp.cpl"
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\"DisplayName" = "Windows Multimedia Service"
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\"Description" = "Windows Multimedia Service for media devices"

Next, the Trojan connects to the following remote location:
• [http://]www.fyoutside.com/DWM1UT98C6[REMOVED]

The Trojan then gathers the following information from the compromised computer:
• Computer name
• Processor speed
• IP Address
• Operating system version
• Memory information
• Volume serial number

The Trojan may then carry out the following actions on the compromised computer:
• Read, write, delete, and move files
• Create and end processes

Copyright ⓒ 2000-2017 All rights reserved 해커즈뉴스 / 해커대학
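As an added example (not part of the original write-up), the Python below turns the file and registry indicators listed above into path-anchored matchers for endpoint telemetry. The variable expansions, the ProgramData alias for the legacy Startup folder and the sample paths are assumptions; matching on the full path matters because sppsvc.exe is also the name of a legitimate Windows binary in System32.

```python
import re

# File indicators copied from the write-up; "Random_name" is a per-host folder.
FILE_INDICATORS = [
    r"%Temp%\winhelp.dat",
    r"%Temp%\~Update.lnk",
    r"%CommonProgramFiles%\Services\winhelp.dat",
    r"%CommonProgramFiles%\Services\winhelp.cpl",
    r"%AppData%\microsoft\mmc\winhelp.dat",
    r"%AppData%\microsoft\mmc\winhelp.cpl",
    r"%AppData%\Random_name\updata.log",
    r"%AppData%\Random_name\sppsvc.exe",
    r"%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\dwm.lnk",
    r"%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sppsvc.lnk",
]
# Assumption: telemetry records absolute paths in the Vista-or-later layout.
SUBST = {
    "%temp%": r"[a-z]:\\users\\[^\\]+\\appdata\\local\\temp",
    "%appdata%": r"[a-z]:\\users\\[^\\]+\\appdata\\roaming",
    "%commonprogramfiles%": r"[a-z]:\\program files(?: \(x86\))?\\common files",
    "%systemdrive%": r"[a-z]:",
    "random_name": r"[^\\]+",  # exactly one folder level, any name
    # The legacy All Users path is a junction into ProgramData on current Windows.
    r"documents and settings\all users":
        r"(?:documents and settings\\all users|programdata\\microsoft\\windows)",
}

def compile_indicator(indicator):
    pattern = re.escape(indicator.lower())
    for token, regex in SUBST.items():
        pattern = pattern.replace(re.escape(token), regex)
    return re.compile(pattern)

PATTERNS = [(i, compile_indicator(i)) for i in FILE_INDICATORS]

def match_file(path):
    """Return the indicator an observed path matches, else None."""
    p = path.strip().lower()
    return next((i for i, rx in PATTERNS if rx.fullmatch(p)), None)

def match_service_dll(key, value_name, data):
    """True for the helpsvc ServiceDll value pointing at winhelp.cpl."""
    return (key.lower().endswith(r"\services\helpsvc\parameters")
            and value_name.lower() == "servicedll"
            and data.strip().lower().endswith(r"\services\winhelp.cpl"))

if __name__ == "__main__":  # constructed sample paths: a hit and the real System32 binary
    for p in (r"C:\Users\alice\AppData\Roaming\kq3zx\sppsvc.exe", r"C:\Windows\System32\sppsvc.exe"):
        print(p, "->", match_file(p))
```

A path match is a lead for triage, not a verdict: confirm it against the helpsvc service entries and the file's signature before acting.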