AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:自动化恶意档案,分析,搬迁和签名信息: DEFINITION OF: MROFINU403.EXE定义: mrofinu403.exe Safety Rating: Known malware, do not run安全评价:被称为恶意软件,不运行 Determination: Automatically determined using Prevx centralized heuristics决心:自动决心用Prevx以集中启发式 Protection: Prevx provides powerful security products that you can use to detect, remove and protect you from MROFINU403.EXE and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware保护: Prevx以提供强大的安全产品,您可以使用侦测,清除保护你不受mrofinu403.exe和保护PC免受病毒,特洛伊木马病毒,蠕虫,间谍软件, rootkit和广告软件 Why risk having spyware on your PC when it takes less than 2 minutes to thoroughly check it with Prevx CSI?为什么风险过间谍软件对个人电脑的时候,它不到2分钟,以彻底检查它与Prevx以CSI是谁? And it is totally free. Click here to check your PC with Prevx CSI Now .它是完全免费, 按这里检查你的电脑与Prevx以倡议。 First seen: Dec 12 2007 (GMT)第一次看到: 2007年12月12日(格林威治标准时间) Last seen: Dec 12 2007 (GMT)上次登陆时间: 07年12月12日(格林威治标准时间) File Size: 39,936 bytes文件大小: 39936字节 MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY 恶意评价说: Prevx以四轴线邪恶方法论 1. 1 。 COVERT ANALYSIS OF: MROFINU403.EXE隐蔽分析: mrofinu403.exe File Names Used: 29文件中使用的名称: 29 Paths Used: 6通路: 6 Common File Name: MROFINU403.EXE共同文件名: mrofinu403.exe Common Path: %WINDIR%\共同的路径: % windir % \ Vendor Information: No Vendor details specified供应商信息:没有卖方资料指明 Version Information: 0, 0, 0, 0版本信息: 0 , 0 , 0 , 0 MROFINU403.EXE may use 29 or more path and file names, these are the most common: mrofinu403.exe可使用29个或更多的路径和文件名,这些都是最常见的: 1 :%TEMP%\TMP3F.TMP 1 : %温度% \ tmp3f.tmp 2 :%TEMP%\TMP86.TMP 2 : %温度% \ tmp86.tmp 3 :%WINDIR%\17PHOLMES1000106.EXE 3 : % windir % \ 17pholmes1000106.exe 4 :%WINDIR%\17PHOLMES1148.EXE 4 : % windir % \ 17pholmes1148.exe 5 :%WINDIR%\17PHOLMES1188.EXE 5 : % windir % \ 17pholmes1188.exe 6 :%WINDIR%\17PHOLMES27.EXE 6 : % windir % \ 17pholmes27.exe 7 :%WINDIR%\17PHOLMES572.EXE 7 : % windir % \ 17pholmes572.exe 8 :%WINDIR%\17PHOLMES72.EXE 8 : % windir % \ 17pholmes72.exe 9 :%WINDIR%\17PHOLMES77.EXE 9 : % windir % \ 17pholmes77.exe 10:%WINDIR%\17PHOLMES922.EXE 10 : % windir % \ 17pholmes922.exe 11:%WINDIR%\MROFINU1000106 .EXE 11 : % windir % \ mrofinu1000106下生成 12:%WINDIR%\MROFINU1000106.EXE 12 : % windir % \ mrofinu1000106.exe 13:%WINDIR%\MROFINU1000904.EXE 13 : % windir % \ mrofinu1000904.exe 14:%WINDIR%\MROFINU11.EXE 14 : % windir % \ mrofinu11.exe 15:%WINDIR%\MROFINU1148.EXE 15 : % windir % \ mrofinu1148.exe File Name Structure: Normal档案名称结构:正常 File and Path Structure: Suspicious, unusually high number of file and path combinations文件和路径结构:可疑,异常高的数目文件和路径组合 2. 2 。 RELATIONSHIP ANALYSIS OF: MROFINU403.EXE相关分析: mrofinu403.exe Malicious Objects Created: 13 objects恶意物体创造: 13物体 Malicious Creators: 9恶意创作者: 9 Malware Run Keys: Creates registry run keys for known malware objects恶意软件运行键:创建注册开办的按键,可称为恶意软件对象 Self Persists: Yes, creates copies of itself自我坚持:是的,创造自己的副本 Antivirus Detection: No third party antivirus detection observed防毒侦测:没有第三方防毒侦测观察 Anti-Spyware Detection: No third party anti-spyware detection observed反间谍软件检测:没有第三方反间谍检测观察 3. 3 。 ACTIVITY ANALYSIS OF: MROFINU403.EXE活性分析: mrofinu403.exe The following behaviors have been observed for this object:下列行为已经观察到这个对象: Installs programs.安装程式。 Deletes programs.删除节目。 Invokes dll components.引用的DLL组件。 Creates Run Keys.创建运行键。 Runs other programs.运行其他程序。 Communicates with web sites using httpout protocols.与网站进行信息交流使用httpout议定书。 Creates registry entries.创建注册表条目。 Creates run keys for known malware.创建办按键,可称为恶意软件。 Creates known malware.创建已知恶意软件。 Creates copies of itself.创建自己的副本。参考资料:Google上找mrofinu403.exe就知道了
已赞过已踩过< |
