Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 07090b5ab626578737333d3365cc2bc7
SHA1: 2891e6ef0e542f81ead844ac185d506f6a248ecf
SHA256: 718ffaa619fa1955cda12aefa3d3867bbf47f8893430259855b5f26422e50f20
SSDeep: 12288:OylTYa2MrcGK20CrDoxcuA mnyUbfDNEglcTI7:pTYa2kZracn mnVv6sMI7
Size: 770800 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-08-29 10:57:57
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
lsl.exe:2740
lsl.exe:1596
lsl.exe:956
SoftUpd.exe:3052
clock32.exe:3528
%original file name%.exe:440
Power.exe:2020
luoshen.exe:3732
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process lsl.exe:1596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
(The list of written files did not survive extraction; only fragments of the files' contents remain: CNZZ web-analytics query-string parameters such as "&web_id" and "&r&lg&ntime&cnzz_eid&showp&t&h&rnd", the CNZZ widget label 站长统计 ("webmaster statistics"), and the strings ".lmd_" and ".mby".)