Trojan.Siggen18.52761

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKLM>\Software\Classes\Wise Folder Hider\shell\open\command] '' = '"%ProgramFiles(x86)%\Wise\Wise Folder Hider\WiseFolderHider.exe" "%1"'

Sets the following service settings

[<HKLM>\System\CurrentControlSet\Services\WiseFs] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\WiseFs] 'ImagePath' = '%WINDIR%\WiseFs64.sys'

Creates the following services

'WiseFs' %WINDIR%\WiseFs64.sys

Malicious functions

Registers file system filter

[<HKLM>\System\CurrentControlSet\Services\WiseFs] 'Group' = 'FSFilter Activity Monitor'

Modifies file system

Creates the following files

%TEMP%\autd5b5.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-2ks6u.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-hedkl.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-0500l.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-bdj4t.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-coe7d.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-0bldb.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-jphoj.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-29kq9.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-q9j9s.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-kfm38.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-o97j5.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-bkod0.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-4kq8k.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-4jtrj.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-v094k.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-df41s.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-iuak9.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-r019j.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-ntfr3.tmp
%WINDIR%\temp\udd168f.tmp
%WINDIR%\temp\uddeb1.tmp
%WINDIR%\temp\udd6c4.tmp
%ProgramFiles(x86)%\wise\wise folder hider\wisefolderhider.exe
%TEMP%\aut252.tmp
%APPDATA%\wise folder hider\config.ini
%ProgramFiles(x86)%\wise\wise folder hider\unins000.dat
%WINDIR%\temp\uddfd13.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-pp5n8.tmp
%WINDIR%\wisefs64.sys
%TEMP%\file_s64.sys
%TEMP%\is-ue6s6.tmp\introduce.url
C:\users\public\desktop\wise folder hider.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\wise folder hider\wise folder hider.lnk
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-8cei7.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-lpa7t.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-nlufk.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-ju558.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-k2crd.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-4hhbn.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-sidcr.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-e1kgh.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-gv1e4.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-pimkm.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-b4qee.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-mh51e.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-m8msg.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-ehljc.tmp
%ProgramFiles(x86)%\wise\wise folder hider\is-f78h6.tmp
%TEMP%\is-ue6s6.tmp\dmanager.dll
%TEMP%\is-ue6s6.tmp\_isetup\_setup64.tmp
%TEMP%\is-32uhm.tmp\~szblxzf.tmp
%CommonProgramFiles(x86)%\~szblxzf.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-4l6u6.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-k8hk5.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-luis8.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-n8ev6.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-hllnt.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-89h8l.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-ctncl.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-i3jh8.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-dcf1k.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-9eagu.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-jgvjr.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-e9n8s.tmp
%ProgramFiles(x86)%\wise\wise folder hider\unins000.msg
%WINDIR%\temp\udd1e6c.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-c3fqg.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-gi0gd.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-v1oc8.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-434p2.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-mkc9s.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-sveg3.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-dgij6.tmp
%ProgramFiles(x86)%\wise\wise folder hider\languages\is-9f9q4.tmp
%WINDIR%\temp\udd264a.tmp

Sets the 'hidden' attribute to the following files

%CommonProgramFiles(x86)%\~szblxzf.tmp

Deletes the following files

%TEMP%\autd5b5.tmp
%TEMP%\is-ue6s6.tmp\dmanager.dll
%TEMP%\is-ue6s6.tmp\introduce.url
%TEMP%\is-ue6s6.tmp\_isetup\_setup64.tmp
%TEMP%\is-32uhm.tmp\~szblxzf.tmp
%CommonProgramFiles(x86)%\~szblxzf.tmp
%TEMP%\aut252.tmp
%WINDIR%\temp\uddfd13.tmp
%WINDIR%\temp\udd6c4.tmp
%WINDIR%\temp\uddeb1.tmp
%WINDIR%\temp\udd168f.tmp
%WINDIR%\temp\udd1e6c.tmp
%WINDIR%\temp\udd264a.tmp

Moves the following files

from %ProgramFiles(x86)%\wise\wise folder hider\is-f78h6.tmp to %ProgramFiles(x86)%\wise\wise folder hider\unins000.exe
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-ctncl.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\italian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-hllnt.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\japanese.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-k2crd.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\korean.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-ju558.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\kurdish(kurmanci).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-nlufk.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\kurdish.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-df41s.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\lithuanian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-iuak9.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\norwegian(bokmal).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-v094k.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\persian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-4jtrj.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\polish.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-4kq8k.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\portuguese(brazil).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-bkod0.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\portuguese(portugal).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-kfm38.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\russian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-lpa7t.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\uyghur.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-q9j9s.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\serbian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-29kq9.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\slovak.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-jphoj.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\slovenian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-0bldb.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\spanish(bolivia).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-coe7d.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\spanish(spain).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-bdj4t.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\swedish(sweden).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-0500l.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\tajik.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-hedkl.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\thai.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-2ks6u.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\turkish.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-r019j.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\ukrainian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-ntfr3.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\urdu.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-i3jh8.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\indonesian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-o97j5.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\romanian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-dcf1k.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\hungarian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-k8hk5.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\catalan.ini
from %ProgramFiles(x86)%\wise\wise folder hider\is-ehljc.tmp to %ProgramFiles(x86)%\wise\wise folder hider\wisefolderhider.exe
from %ProgramFiles(x86)%\wise\wise folder hider\is-m8msg.tmp to %ProgramFiles(x86)%\wise\wise folder hider\liveupdate.exe
from %ProgramFiles(x86)%\wise\wise folder hider\is-mh51e.tmp to %ProgramFiles(x86)%\wise\wise folder hider\wfhchecker.exe
from %ProgramFiles(x86)%\wise\wise folder hider\is-b4qee.tmp to %ProgramFiles(x86)%\wise\wise folder hider\license.txt
from %ProgramFiles(x86)%\wise\wise folder hider\is-pimkm.tmp to %ProgramFiles(x86)%\wise\wise folder hider\dmanager.dll
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-gv1e4.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\afrikaans.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-e1kgh.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\arabic.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-sidcr.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\azeri(latin).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-4hhbn.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\belarusian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-luis8.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\bengali(india).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-4l6u6.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\bulgarian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-n8ev6.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\chinese(simplified).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-jgvjr.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\greek.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-89h8l.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\chinese(traditional).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-dgij6.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\croatian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-sveg3.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\czech.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-mkc9s.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\danish.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-434p2.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\dutch(nederlands).ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-v1oc8.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\english.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-gi0gd.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\estonian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-c3fqg.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\finnish.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-pp5n8.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\french.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-9f9q4.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\georgian.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-e9n8s.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\german.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-9eagu.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\hebrew.ini
from %ProgramFiles(x86)%\wise\wise folder hider\languages\is-8cei7.tmp to %ProgramFiles(x86)%\wise\wise folder hider\languages\vietnamese.ini

Network activity

Connects to

'wi###leaner.net':80

TCP

HTTP GET requests

http://www.wi###leaner.net/install_statistics/index.php?p=##################################################################

UDP

DNS ASK wi###leaner.net

Miscellaneous

Creates and executes the following

'%CommonProgramFiles(x86)%\~szblxzf.tmp' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'%TEMP%\is-32uhm.tmp\~szblxzf.tmp' /SL5="$B00A4,3707023,188928,%CommonProgramFiles(x86)%\~szblxzf.tmp" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
'%WINDIR%\syswow64\sc.exe' start wisefs' (with hidden window)

Executes the following

'%WINDIR%\syswow64\sc.exe' start wisefs

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней