Win32.HLLP.Logo.origin

Added to the Dr.Web virus database: 2019-08-07

Virus description added:

Technical Information

Malicious functions
Executes the following
  • '<SYSTEM32>\net.exe' stop "Kingsoft AntiVirus Service"
Injects code into the following user processes:
  • iexplore.exe
Modifies file system
Creates the following files
  • <Current directory>\virdll.dll
Modifies the HOSTS file.
Network activity
Connects to
  • '<LOCALNET>.37.1':445
  • '<LOCALNET>.37.1':139
  • '<LOCALNET>.37.1':80
UDP
  • DNS ASK sz##k.com
Miscellaneous
Searches for the following windows
  • ClassName: 'RavMonClass' WindowName: 'RavMon.exe'
  • ClassName: 'Tapplication' WindowName: '天网防火墙个人版'
  • ClassName: 'Tapplication' WindowName: '天网防火墙企业版'
  • ClassName: 'TForm1' WindowName: ''
  • ClassName: 'TfLockDownMain' WindowName: ''
  • ClassName: 'ZAFrameWnd' WindowName: 'ZoneAlarm'
Creates and executes the following
  • '<SYSTEM32>\net.exe' stop "Kingsoft AntiVirus Service" (with hidden window)
Executes the following
  • '<SYSTEM32>\net1.exe' stop "Kingsoft AntiVirus Service"
