
Ransom:Win32/Genasom.KF


First posted on 07 July 2019.
Source: Microsoft

Aliases :

Ransom:Win32/Genasom.KF is also known as Trojan-Spy.Win32.Zbot.ffpm, Troj/Buzus-HH.

Explanation :

This threat is a malicious program that cannot spread on its own. It may perform a number of actions of an attacker's choice on an affected computer.

Installation

It copies itself to c:\documents and settings\administrator\application data\wsf3cmct.exe.

The malware modifies the following registry entries to ensure that its copy executes at each Windows start:

Adds value: "jICc7n9BYxBTRVw"
With data: "c:\documents and settings\administrator\application data\wsf3cmct.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adds value: "Shell"
With data: "c:\documents and settings\administrator\application data\wsf3cmct.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The malware creates the following files on an affected computer:

c:\documents and settings\administrator\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol
c:\documents and settings\administrator\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#konugani.com\settings.sol
c:\documents and settings\administrator\application data\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\settings.sol
c:\documents and settings\administrator\application data\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#konugani.com\settings.sol

Payload

Contacts remote host

It may contact a remote host at konugani.com using port 80. Commonly, malware may contact a remote host for the following purposes:

To report a new infection to its author
To receive configuration or other data
To download and execute arbitrary files (including updates or additional malware)
To receive instruction from a remote attacker
To upload data taken from the affected computer
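The two persistence locations listed above (the Run key and the Winlogon Shell value) can be audited with a short read-only check. This is an added example for incident responders, not code from the Microsoft report or from malwarePDF; the "Application Data"/"AppData" path heuristic is an assumption based on where this sample writes its copy.

```powershell
# Added example (not part of the original report): audit the two persistence
# locations described above. Read-only; run as an administrator on the host.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# 1. Winlogon\Shell is "explorer.exe" on a default system. A value that points
#    into a user profile, as this report describes, is a strong indicator.
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -eq $shell) {
    Write-Output 'Winlogon\Shell: not set (default explorer.exe applies)'
} elseif ($shell.Trim() -ieq 'explorer.exe') {
    Write-Output 'Winlogon\Shell: explorer.exe (expected)'
} else {
    Write-Warning "Winlogon\Shell modified: $shell"
}

# 2. Flag Run entries whose command lives under a profile's Application Data
#    directory (assumed heuristic). Legitimate software also installs there,
#    so treat hits as leads to triage, not as verdicts.
$profileDirs = 'Application Data', 'AppData\Roaming', 'AppData\Local'
$runValues = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($runValues) {
    $runValues.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object {
            $cmd = [string]$_.Value
            $hit = $profileDirs | Where-Object { $cmd -ilike "*$_*" }
            if ($hit) {
                Write-Warning ('Run\{0} -> {1}' -f $_.Name, $cmd)
            } else {
                Write-Output  ('Run\{0} -> {1}' -f $_.Name, $cmd)
            }
        }
}
```

Pair the registry check with the listed file paths and the outbound connection to konugani.com on port 80 when confirming an infection, since a single Run entry under a profile directory is common on clean systems.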
This malware description was produced and published using our automated analysis system's examination of file SHA1 75a3d7e9677d71570cbb8798b35dc812a80e7187.

Last update 07 July 2019
