Tag Archive

Tag Archives for "01detectdownloader"
Generic Dropper.ru

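Generic Dropper.ru also performs the following actions as part of its payload:

It modifies the Windows Registry and adds the following entries, which set EnableFirewall to 0 and so turn off Windows Firewall for the standard profile: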

  • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Shared Access\Parameters\FirewallPolicy\StandardProfile\] EnableFirewall="0x00000000"
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Shared Access\Parameters\FirewallPolicy\StandardProfile\] EnableFirewall="0x00000000"

The threat drops the following malicious files:

  • %WINDIR%\system32\sdra64.exe
  • %WINDIR%\system32\lowsec\local.ds
  • %WINDIR%\system32\lowsec\user.ds