- // #MalwareMustDie - File list clicked by password stealer dropped by Cridex trojan:
- // base: https://www.virustotal.com/file/7546e60e2f215585f8102a5a08674b946c2affe478a88b4966695f6009e76a9c/analysis/
- //Opened files...
- \\.\PIPE\lsarpc (successful)
- C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\HWID (failed)
- C:\WINDOWS\wcx_ftp.ini (failed)
- C:\Documents and Settings\<USER>\wcx_ftp.ini (failed)
- C:\Documents and Settings\<USER>\Application Data\GHISLER\wcx_ftp.ini (failed)
- C:\Documents and Settings\All Users\Application Data\GHISLER\wcx_ftp.ini (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\GHISLER\wcx_ftp.ini (failed)
- C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
- C:\Documents and Settings\All Users\Application Data\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\CuteFTP\sm.dat (failed)
- C:\Program Files\GlobalSCAPE\CuteFTP\sm.dat (failed)
- C:\Program Files\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
- C:\Program Files\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
- C:\Program Files\CuteFTP\sm.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\Sites.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\Sites.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\Quick.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\Quick.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\History.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\History.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\3\Sites.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\4\Sites.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\3\Quick.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\4\Quick.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\3\History.dat (failed)
- C:\Documents and Settings\All Users\Application Data\FlashFXP\4\History.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\Sites.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\Sites.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\Quick.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\Quick.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\History.dat (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\History.dat (failed)
- C:\Documents and Settings\<USER>\Application Data\FileZilla\sitemanager.xml (failed)
- C:\Documents and Settings\<USER>\Application Data\FileZilla\recentservers.xml (failed)
- C:\Documents and Settings\<USER>\Application Data\FileZilla\filezilla.xml (failed)
- C:\Documents and Settings\All Users\Application Data\FileZilla\sitemanager.xml (failed)
- C:\Documents and Settings\All Users\Application Data\FileZilla\recentservers.xml (failed)
- C:\Documents and Settings\All Users\Application Data\FileZilla\filezilla.xml (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\sitemanager.xml (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\recentservers.xml (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\filezilla.xml (failed)
- C:\Documents and Settings\<USER>\Application Data\ExpanDrive\drives.js (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\ExpanDrive\drives.js (failed)
- C:\Documents and Settings\All Users\Application Data\ExpanDrive\drives.js (failed)
- C:\Documents and Settings\<USER>\Application Data\SharedSettings.ccs (failed)
- C:\Documents and Settings\<USER>\Application Data\SharedSettings.sqlite (failed)
- C:\Documents and Settings\<USER>\Application Data\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\<USER>\Application Data\SharedSettings_1_0_5.sqlite (failed)
- C:\Documents and Settings\All Users\Application Data\SharedSettings.ccs (failed)
- C:\Documents and Settings\All Users\Application Data\SharedSettings.sqlite (failed)
- C:\Documents and Settings\All Users\Application Data\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\All Users\Application Data\SharedSettings_1_0_5.sqlite (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings.ccs (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings.sqlite (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings_1_0_5.sqlite (failed)
- C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
- C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
- C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
- C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
- C:\WINDOWS\32BitFtp.ini (failed)
- c:\autoexec.bat (successful)
- C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\Client Hash (failed)