Search
Keyword: win32
\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{C7EDAB21-D7F9-11D8-BA48-C79B0C409D70}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{C7EDAB2D-D7F9-11D8-BA48-C79B0C409D70}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE
\Classes\ TypeLib\{308E283B-69A8-44B8-BD22-FAA03EDFE453}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{308E283B-69A8-44B8-BD22-FAA03EDFE453}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes
\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\
\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ HELPDIR HKEY_LOCAL_MACHINE
\Classes\ TypeLib\{D9F82311-69F1-44BE-90C1-B790ADF9BAC7}\1.0\ 0 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{D9F82311-69F1-44BE-90C1-B790ADF9BAC7}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{1ED3D9A8-4F0C-43A4-A53A-7474720FA112}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{1ED3D9A8-4F0C-43A4-A53A-7474720FA112}\1.0\ HELPDIR HKEY_LOCAL_MACHINE
\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{67E44FBA-BB6D-459E-8C76-7790AFF7DBDC}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{50374E77-E1F3-423E-B217-B258B5299A88}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{10026069-7A5F-4531-811E-C8DF20643BEE}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{10026069-7A5F-4531-811E-C8DF20643BEE}\1.0\ HELPDIR HKEY_LOCAL_MACHINE
(Default) = "Installer 1.0 Type Library" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{GUID}\1.0\ FLAGS (Default) = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{GUID}\1.0\ 0\win32 (Default) = "C:
(Default) = "Installer 1.0 Type Library" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{GUID}\1.0\ FLAGS (Default) = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{GUID}\1.0\ 0\win32 (Default) = "C:
analysis system. [1.exe]:New Win32 !! (McAfee); Trojan Horse (Symantec); Trojan.Win32.Pasta.aagj (Kaspersky); Mal/Behav-160 (Sophos); Trojan.Win32.Generic.pak!cobra (Sunbelt); Trojan horse
connects to the following possibly malicious URL: http://user.{BLOCKED}e.qq.com/2099397324 This report is generated via an automated analysis system. [1.exe]:New Win32 !! (McAfee); Trojan.Win32.Generic.pak
when a user accesses the drives of an affected system. The said .INF file contains the following strings: [autorun] open=Sys.exe action=Run win32 Information Theft This worm gathers the following data:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{34A24C1F-46A0-46B1-92C9-210132D85E60}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{34A24C1F-46A0-46B1-92C9-210132D85E60}\1.0\ HELPDIR HKEY_LOCAL_MACHINE
\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{9EFB101A-EA9A-4065-B8A4-8963FC57C446}
\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{B360243E-09E8-402F-8721-00B6798089AD}\1.0\ HELPDIR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\{4B66E1DF-4DE3-4CDA-83B5-11673EADAB0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{847DBF6B-6AC8-4122-9C93-6B5B946C2903}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{847DBF6B-6AC8-4122-9C93-6B5B946C2903}\1.0\ HELPDIR HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{F171A442-7AF5-43E1-AFED-EDC826A1B0F5}\1.0\ 0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ TypeLib\{F171A442-7AF5-43E1-AFED-EDC826A1B0F5}\1.0\ HELPDIR HKEY_LOCAL_MACHINE