Worm.Kapucen.A

By Domesticus in Worms

Worm.Kapucen.A is a network worm that targets Windows operating systems. Worm.Kapucen.A can spread through removable media or peer-to-peer networks. After infecting a computer, Worm.Kapucen.A connects to the Internet and communicates with a remote server over HTTP. Worm.Kapucen.A also drops a copy of itself as \svchost.exe and then creates a file named \Log.txt.

Other Names

15 security vendors flagged this file as malicious.

Antivirus Vendor    Detection
Symantec            W32.Ecup
Sophos              W32/Kapucen-D
Prevx1              Cloaked Malware
Panda               W32/Puce.I.worm
NOD32               Win32/Kapucen.NAM
Microsoft           Worm:Win32/Puce.gen!B
eTrust-Vet          Win32/Puce.F
Comodo              Worm.Win32.Kapucen.~B
ClamAV              Worm.W32.Puce
CAT-QuickHeal       Win32.Worm.Puce.gen!B.4
AVG                 Win32/Puce.E
AhnLab-V3           Win32/IRCBot.worm.variant
a-squared           P2P-Worm.Win32.Kapucen.b!IK
TrendMicro          WORM_KAPUCEN.B
Symantec            Trojan Horse

SpyHunter detects and removes Worm.Kapucen.A

System File Details

Worm.Kapucen.A may create the following file(s):
#   File Name     MD5                                 Detections
1.  svchost.exe   8dfc24fd74b0fbb4369b54fd39e5a1f7    0
Additional Files

Analysis Report

General Information

Family Name: Trojan.Kapucen.A
Signature status: No Signature

Known Samples

MD5: 2ce1b578ed684c1384e2fcef574adea4
SHA1: 224aa58aaa92adb1aa1be24c9beeb6cb2d797dfd
SHA256: 6EE6DE486C43B00F8B6E35203634047544BBC20431C71B2B745A1882FCB9ECF8
File Size: 106.50 KB, 106496 bytes
MD5: f3b5063f655710fbe8ce3a77237983b2
SHA1: 8feb248a3678da666007f096bc64cbcbfb0838f7
SHA256: B6C4C271B5B31E72F273EC3ED69C7FBE19C8DE44495FAEA7B942BCD1C74B3F4B
File Size: 106.50 KB, 106496 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 210
Potentially Malicious Blocks: 21
Whitelisted Blocks: 180
Unknown Blocks: 9

Visual Map

? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x x x x x 0 0 x 0 x x x 0 0 x x x x x x x x x 0 0 1 1 0 1 1 0 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File                                                  Attributes
c:\users\user\appdata\local\temp\svchost.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\log.txt Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496

Registry Modifications

Key::Value    Data    API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::windowsservicesstartup C:\Users\Gxddfjnw\AppData\Local\Temp\svchost.exe 1 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::windowsservicesstartup C:\Users\Kjsqotwn\AppData\Local\Temp\svchost.exe 1 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category    API
Other Suspicious
  • AdjustTokenPrivileges
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess
  • ShellExecute
User Data Access
  • GetUserObjectInformation
Anti Debug
  • NtQuerySystemInformation

Shell Command Execution

open Log.txt
C:\Users\Gxddfjnw\AppData\Local\Temp\svchost.exe 1
C:\Users\Kjsqotwn\AppData\Local\Temp\svchost.exe 1
