Техническая информация
Вредоносные функции:
Создает и запускает на исполнение:
- '%TEMP%\pipi_dae_473.exe'
- '%TEMP%\pipi_setup_473.exe' /verysilent
- '%TEMP%\is-ESAO6.tmp\pipi_setup_473.tmp' /SL5="$1014C,6213480,71168,%TEMP%\pipi_setup_473.exe" /verysilent
- '%PROGRAM_FILES%\winrar32\bibibei19.exe'
- '%PROGRAM_FILES%\winrar32\Happy88hyt.exe'
- '%WINDIR%\DDVInstall.exe'
- '%PROGRAM_FILES%\winrar32\pipi_dae_473.exe'
Запускает на исполнение:
- '<SYSTEM32>\cmd.exe' /c c:\143257593.bat
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\±И±ИЯВ\bibibei.dll"
- '<SYSTEM32>\wscript.exe' "%PROGRAM_FILES%\winrar32\20140403000.jse"
Изменения в файловой системе:
Создает следующие файлы:
- %PROGRAM_FILES%\pipi\is-JO93F.tmp
- %PROGRAM_FILES%\pipi\is-RM5EI.tmp
- %PROGRAM_FILES%\pipi\is-H3V37.tmp
- %PROGRAM_FILES%\pipi\is-PV8MT.tmp
- %PROGRAM_FILES%\pipi\is-KI5UA.tmp
- %PROGRAM_FILES%\pipi\is-ORTHO.tmp
- %PROGRAM_FILES%\pipi\is-LIV48.tmp
- %PROGRAM_FILES%\pipi\is-U82SQ.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-FMMOH.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-J01DQ.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-D41DH.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-QRJEN.tmp
- %PROGRAM_FILES%\pipi\codec\is-3IFNV.tmp
- %PROGRAM_FILES%\pipi\codec\is-PMP80.tmp
- %PROGRAM_FILES%\pipi\codec\is-7DV1D.tmp
- %PROGRAM_FILES%\pipi\is-MI15N.tmp
- %PROGRAM_FILES%\pipi\is-CTIR1.tmp
- %PROGRAM_FILES%\pipi\is-1JJ7Q.tmp
- %PROGRAM_FILES%\pipi\is-HVBNA.tmp
- %PROGRAM_FILES%\pipi\is-NHODV.tmp
- %PROGRAM_FILES%\pipi\is-PLGLB.tmp
- %PROGRAM_FILES%\pipi\is-IQO0F.tmp
- %PROGRAM_FILES%\pipi\is-FP5IV.tmp
- %PROGRAM_FILES%\pipi\is-52E5R.tmp
- %PROGRAM_FILES%\pipi\is-SR69N.tmp
- %PROGRAM_FILES%\pipi\is-MFGN9.tmp
- %PROGRAM_FILES%\pipi\is-O5JVN.tmp
- %PROGRAM_FILES%\pipi\is-7TR33.tmp
- %PROGRAM_FILES%\pipi\is-D1FCT.tmp
- %PROGRAM_FILES%\pipi\is-QI8S5.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-JVUMD.tmp
- %PROGRAM_FILES%\pipi\config\is-0RAGH.tmp
- %PROGRAM_FILES%\pipi\config\is-BDTRI.tmp
- %PROGRAM_FILES%\pipi\config\is-097V0.tmp
- %PROGRAM_FILES%\pipi\config\is-EETNP.tmp
- %PROGRAM_FILES%\pipi\config\is-D6GTP.tmp
- %PROGRAM_FILES%\pipi\config\is-KNEMP.tmp
- %PROGRAM_FILES%\pipi\config\is-29G42.tmp
- %PROGRAM_FILES%\pipi\config\is-1THDC.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-MF08J.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-U9AHS.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-UD74G.tmp
- %PROGRAM_FILES%\pipi\Plugins\is-FLU86.tmp
- %PROGRAM_FILES%\pipi\config\is-H2R7I.tmp
- %PROGRAM_FILES%\pipi\config\is-GMP5M.tmp
- %PROGRAM_FILES%\pipi\config\is-DSN4I.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-HTIKT.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-K5EHL.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-P4BEM.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-OQ71J.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-N5BLT.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-CSPJP.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-888AC.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-59R22.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-4SSEI.tmp
- %PROGRAM_FILES%\pipi\config\is-9CB81.tmp
- %PROGRAM_FILES%\pipi\config\is-KGLCK.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-353DH.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-86CE6.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-NDS35.tmp
- %PROGRAM_FILES%\pipi\codec\rm\is-SFE55.tmp
- %WINDIR%\077AA96E.jse
- %PROGRAM_FILES%\winrar32\bibibei19.exe
- %TEMP%\pipi_dae_473.exe
- %WINDIR%\881653CC.dll
- %WINDIR%\Client.ini
- %WINDIR%\DDVInstall.exe
- %PROGRAM_FILES%\winrar32\pipi_dae_473.exe
- %PROGRAM_FILES%\±И±ИЯВ\bibibei.dll
- %HOMEPATH%\Start Menu\Programs\±И±ИЯВ\±И±ИЯВ№Щ·ЅНшХѕ.lnk
- %HOMEPATH%\Start Menu\Programs\±И±ИЯВ\Р¶ФШ.lnk
- %PROGRAM_FILES%\±И±ИЯВ\Р¶ФШ.exe
- %TEMP%\pipi_setup_473.exe
- %TEMP%\nsw2.tmp\System.dll
- %PROGRAM_FILES%\±И±ИЯВ\±И±ИЯВ№Щ·ЅНшХѕ.url
- %PROGRAM_FILES%\±И±ИЯВ\bibibei.ico
- %PROGRAM_FILES%\winrar32\winrar32.jse
- %PROGRAM_FILES%\winrar32\20140403000.jse
- %WINDIR%\res\91555game.ico
- <SYSTEM32>\tbao.ico
- C:\7ACCBF2E.log
- %PROGRAM_FILES%\winrar32\Happy88hyt.exe
- <SYSTEM32>\fswf.ico
- %WINDIR%\res\9158vv.ico
- %WINDIR%\res\logo_1.bmp
- %WINDIR%\res\logo_2.bmp
- %WINDIR%\res\logo_3.bmp
- %WINDIR%\res\b_logo_3.bmp
- %WINDIR%\res\99cu.ico
- %WINDIR%\res\b_logo_1.bmp
- %WINDIR%\res\b_logo_2.bmp
- C:\143257593.bat
- %PROGRAM_FILES%\pipi\is-DVD62.tmp
- %PROGRAM_FILES%\pipi\is-D3CJ2.tmp
- %PROGRAM_FILES%\pipi\is-HTGF8.tmp
- %PROGRAM_FILES%\pipi\is-TOM74.tmp
- %TEMP%\is-UDTE9.tmp\wizard_recommand.bmp
- %TEMP%\is-UDTE9.tmp\topWizardSmallImageFile.bmp
- %PROGRAM_FILES%\pipi\is-C950C.tmp
- %PROGRAM_FILES%\pipi\is-E2E4E.tmp
- %PROGRAM_FILES%\pipi\is-ALQH5.tmp
- %PROGRAM_FILES%\pipi\is-U3NGD.tmp
- %PROGRAM_FILES%\pipi\is-SMFVV.tmp
- %PROGRAM_FILES%\pipi\is-9MM05.tmp
- %PROGRAM_FILES%\pipi\is-5MTNK.tmp
- %PROGRAM_FILES%\pipi\is-APS5R.tmp
- %PROGRAM_FILES%\pipi\is-HDEK6.tmp
- %TEMP%\is-UDTE9.tmp\PIPIRecommend.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\default[1].htm
- %TEMP%\is-UDTE9.tmp\gtapi_signed.dll
- %TEMP%\is-UDTE9.tmp\jpg2bmp.dll
- %TEMP%\is-ESAO6.tmp\pipi_setup_473.tmp
- %TEMP%\is-UDTE9.tmp\_isetup\_RegDLL.tmp
- %TEMP%\is-UDTE9.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-UDTE9.tmp\setupwelcome.jpg
- %TEMP%\is-UDTE9.tmp\setupwelcome.bmp
- %TEMP%\is-UDTE9.tmp\google_logo.bmp
- %TEMP%\is-UDTE9.tmp\baidu_logo.bmp
- %TEMP%\is-UDTE9.tmp\topWizardSmallImageFile.jpg
- %TEMP%\is-UDTE9.tmp\google_logo.jpg
- %TEMP%\is-UDTE9.tmp\baidu_logo.jpg
- %TEMP%\is-UDTE9.tmp\wizard_recommand.jpg
Присваивает атрибут 'скрытый' для следующих файлов:
- %PROGRAM_FILES%\winrar32\20140403000.jse
- %PROGRAM_FILES%\winrar32\winrar32.jse
Удаляет следующие файлы:
- %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %TEMP%\nsw2.tmp\System.dll
Перемещает следующие файлы:
- %PROGRAM_FILES%\pipi\codec\rm\is-HTIKT.tmp в %PROGRAM_FILES%\pipi\codec\rm\hxltcolor.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-K5EHL.tmp в %PROGRAM_FILES%\pipi\codec\rm\pncrt.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-888AC.tmp в %PROGRAM_FILES%\pipi\codec\rm\drv2.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-OQ71J.tmp в %PROGRAM_FILES%\pipi\codec\rm\drvc.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-P4BEM.tmp в %PROGRAM_FILES%\pipi\codec\rm\raac.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-NDS35.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv20.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-SFE55.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv30.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-59R22.tmp в %PROGRAM_FILES%\pipi\codec\rm\ralf.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-86CE6.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv10.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-QRJEN.tmp в %PROGRAM_FILES%\pipi\codec\rm\14_43260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-FMMOH.tmp в %PROGRAM_FILES%\pipi\codec\rm\28_83260.dll
- %PROGRAM_FILES%\pipi\codec\is-PMP80.tmp в %PROGRAM_FILES%\pipi\codec\CoreAVC.ax
- %PROGRAM_FILES%\pipi\codec\is-7DV1D.tmp в %PROGRAM_FILES%\pipi\codec\MPCVideoDec.ax
- %PROGRAM_FILES%\pipi\codec\rm\is-J01DQ.tmp в %PROGRAM_FILES%\pipi\codec\rm\atrc.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-N5BLT.tmp в %PROGRAM_FILES%\pipi\codec\rm\dnet3260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-CSPJP.tmp в %PROGRAM_FILES%\pipi\codec\rm\drv1.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-D41DH.tmp в %PROGRAM_FILES%\pipi\codec\rm\cook.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-JVUMD.tmp в %PROGRAM_FILES%\pipi\codec\rm\ddnt3260.dll
- %PROGRAM_FILES%\pipi\codec\rm\is-353DH.tmp в %PROGRAM_FILES%\pipi\codec\rm\rv40.dll
- %PROGRAM_FILES%\pipi\config\is-H2R7I.tmp в %PROGRAM_FILES%\pipi\config\tab2_down.bmp
- %PROGRAM_FILES%\pipi\config\is-GMP5M.tmp в %PROGRAM_FILES%\pipi\config\tab2_norm.bmp
- %PROGRAM_FILES%\pipi\config\is-097V0.tmp в %PROGRAM_FILES%\pipi\config\enumwindow.ini
- %PROGRAM_FILES%\pipi\config\is-1THDC.tmp в %PROGRAM_FILES%\pipi\config\partner.ini
- %PROGRAM_FILES%\pipi\config\is-DSN4I.tmp в %PROGRAM_FILES%\pipi\config\tab2_over.bmp
- %PROGRAM_FILES%\pipi\Plugins\is-U9AHS.tmp в %PROGRAM_FILES%\pipi\Plugins\KmTransmit.dll
- %PROGRAM_FILES%\pipi\Plugins\is-UD74G.tmp в %PROGRAM_FILES%\pipi\Plugins\KmUdx.dll
- %PROGRAM_FILES%\pipi\Plugins\is-FLU86.tmp в %PROGRAM_FILES%\pipi\Plugins\KmHashFile.dll
- %PROGRAM_FILES%\pipi\Plugins\is-MF08J.tmp в %PROGRAM_FILES%\pipi\Plugins\KmLiveStream.dll
- %PROGRAM_FILES%\pipi\config\is-KGLCK.tmp в %PROGRAM_FILES%\pipi\config\acl.cnc.conf
- %PROGRAM_FILES%\pipi\config\is-D6GTP.tmp в %PROGRAM_FILES%\pipi\config\acl.crtc.conf
- %PROGRAM_FILES%\pipi\codec\rm\is-4SSEI.tmp в %PROGRAM_FILES%\pipi\codec\rm\sipr.dll
- %PROGRAM_FILES%\pipi\config\is-9CB81.tmp в %PROGRAM_FILES%\pipi\config\acl.cmcc.conf
- %PROGRAM_FILES%\pipi\config\is-KNEMP.tmp в %PROGRAM_FILES%\pipi\config\acl.edu.conf
- %PROGRAM_FILES%\pipi\config\is-0RAGH.tmp в %PROGRAM_FILES%\pipi\config\clienttype.ini
- %PROGRAM_FILES%\pipi\config\is-BDTRI.tmp в %PROGRAM_FILES%\pipi\config\config.ini
- %PROGRAM_FILES%\pipi\config\is-29G42.tmp в %PROGRAM_FILES%\pipi\config\acl.greatwall.conf
- %PROGRAM_FILES%\pipi\config\is-EETNP.tmp в %PROGRAM_FILES%\pipi\config\acl.telecom.conf
- %PROGRAM_FILES%\pipi\is-U3NGD.tmp в %PROGRAM_FILES%\pipi\jpg2bmp.dll
- %PROGRAM_FILES%\pipi\is-SMFVV.tmp в %PROGRAM_FILES%\pipi\KmBugslayerUtil.dll
- %PROGRAM_FILES%\pipi\is-9MM05.tmp в %PROGRAM_FILES%\pipi\JfCheck.dll
- %PROGRAM_FILES%\pipi\is-ALQH5.tmp в %PROGRAM_FILES%\pipi\jfres_plug.dll
- %PROGRAM_FILES%\pipi\is-NHODV.tmp в %PROGRAM_FILES%\pipi\KmFileTypeSetting.exe
- %PROGRAM_FILES%\pipi\is-HVBNA.tmp в %PROGRAM_FILES%\pipi\libdb43.dll
- %PROGRAM_FILES%\pipi\is-MI15N.tmp в %PROGRAM_FILES%\pipi\MCCKMPlayerX.dll
- %PROGRAM_FILES%\pipi\is-PLGLB.tmp в %PROGRAM_FILES%\pipi\KmLiveEngine.dll
- %PROGRAM_FILES%\pipi\is-IQO0F.tmp в %PROGRAM_FILES%\pipi\KmLiveUpdate.exe
- %PROGRAM_FILES%\pipi\is-DVD62.tmp в %PROGRAM_FILES%\pipi\baidu_logo.JPG
- %PROGRAM_FILES%\pipi\is-D3CJ2.tmp в %PROGRAM_FILES%\pipi\dbghelp.dll
- %PROGRAM_FILES%\pipi\is-C950C.tmp в %PROGRAM_FILES%\pipi\unins000.exe
- %PROGRAM_FILES%\pipi\is-TOM74.tmp в %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %PROGRAM_FILES%\pipi\is-HTGF8.tmp в %PROGRAM_FILES%\pipi\google_logo.JPG
- %PROGRAM_FILES%\pipi\is-APS5R.tmp в %PROGRAM_FILES%\pipi\jfCacheMgr.exe
- %PROGRAM_FILES%\pipi\is-HDEK6.tmp в %PROGRAM_FILES%\pipi\jfcheck.conf
- %PROGRAM_FILES%\pipi\is-E2E4E.tmp в %PROGRAM_FILES%\pipi\gtapi_signed.dll
- %PROGRAM_FILES%\pipi\is-5MTNK.tmp в %PROGRAM_FILES%\pipi\HttpDownLoad.exe
- %PROGRAM_FILES%\pipi\is-CTIR1.tmp в %PROGRAM_FILES%\pipi\MFC71.dll
- %PROGRAM_FILES%\pipi\is-LIV48.tmp в %PROGRAM_FILES%\pipi\setupwelcome.JPG
- %PROGRAM_FILES%\pipi\is-PV8MT.tmp в %PROGRAM_FILES%\pipi\sqlite3.dll
- %PROGRAM_FILES%\pipi\is-KI5UA.tmp в %PROGRAM_FILES%\pipi\pphelp.url
- %PROGRAM_FILES%\pipi\is-ORTHO.tmp в %PROGRAM_FILES%\pipi\ppwebnav.url
- %PROGRAM_FILES%\pipi\is-JO93F.tmp в %PROGRAM_FILES%\pipi\topWizardSmallImageFile.jpg
- %PROGRAM_FILES%\pipi\is-U82SQ.tmp в %PROGRAM_FILES%\pipi\wizard_recommand.JPG
- %PROGRAM_FILES%\pipi\codec\is-3IFNV.tmp в %PROGRAM_FILES%\pipi\codec\CoreAAC.ax
- %PROGRAM_FILES%\pipi\is-RM5EI.tmp в %PROGRAM_FILES%\pipi\uninstall.ico
- %PROGRAM_FILES%\pipi\is-H3V37.tmp в %PROGRAM_FILES%\pipi\webplayer.url
- %PROGRAM_FILES%\pipi\is-7TR33.tmp в %PROGRAM_FILES%\pipi\PIPIPlayer.exe
- %PROGRAM_FILES%\pipi\is-D1FCT.tmp в %PROGRAM_FILES%\pipi\PIPIRecommend.dll
- %PROGRAM_FILES%\pipi\is-1JJ7Q.tmp в %PROGRAM_FILES%\pipi\msvcp71.dll
- %PROGRAM_FILES%\pipi\is-FP5IV.tmp в %PROGRAM_FILES%\pipi\msvcr71.dll
- %PROGRAM_FILES%\pipi\is-QI8S5.tmp в %PROGRAM_FILES%\pipi\pipisp.ico
- %PROGRAM_FILES%\pipi\is-SR69N.tmp в %PROGRAM_FILES%\pipi\PIPIWebPlayer.ocx
- %PROGRAM_FILES%\pipi\is-MFGN9.tmp в %PROGRAM_FILES%\pipi\player.swf
- %PROGRAM_FILES%\pipi\is-O5JVN.tmp в %PROGRAM_FILES%\pipi\pipisp.url
- %PROGRAM_FILES%\pipi\is-52E5R.tmp в %PROGRAM_FILES%\pipi\PIPIStartSvr.exe
Сетевая активность:
Подключается к:
- 'www.ha##y88.com':80
- '12#.#26.53.229':8080
- 'localhost':1035
TCP:
Запросы HTTP GET:
- www.ha##y88.com/DownLoad/File/VersionInfo/default.htm
UDP:
- DNS ASK re####end.pipi.cn
- DNS ASK t.###ibei.com
- DNS ASK www.ha##y88.com
Другое:
Ищет следующие окна:
- ClassName: 'MS_WebcheckMonitor' WindowName: '(null)'
- ClassName: 'ppfilm_class' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'ppfilm_class_cachemgr_title'
- ClassName: 'MS_AutodialMonitor' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'
- ClassName: 'progman' WindowName: 'Program Manager'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
