Trojan.Siggen14.59387

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKCU>\Software\Classes\kinship\shell\open\command] '' = '"%LOCALAPPDATA%\Programs\Kinship\Kinship.exe" "%1"'

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\kinship sync.lnk

Modifies file system

Creates the following files

%LOCALAPPDATA%\kinship\logs\sync.log
%LOCALAPPDATA%\programs\kinship\2020\is-0lib0.tmp
%LOCALAPPDATA%\programs\kinship\is-1b57o.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-6i5bv.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-us9f2.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-rg9g4.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-1locj.tmp
%LOCALAPPDATA%\programs\kinship\2020\is-6d0ke.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-blmb4.tmp
%LOCALAPPDATA%\programs\kinship\is-8052s.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-jhjto.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-0cn9i.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-c00m6.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-5he7i.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-nno2f.tmp
%LOCALAPPDATA%\programs\kinship\2019\is-rvcts.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-07n6o.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-l132q.tmp
%LOCALAPPDATA%\programs\kinship\2020\is-l4jj8.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-cabac.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-esd6u.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-udslt.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-11hqo.tmp
%LOCALAPPDATA%\programs\kinship\2022\is-mr8mv.tmp
%LOCALAPPDATA%\programs\kinship\is-d0pl8.tmp
%LOCALAPPDATA%\programs\kinship\2018\is-7u6lg.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-vvkuv.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-vkdni.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-8lmap.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-7qscl.tmp
%LOCALAPPDATA%\programs\kinship\2021\is-bdqa3.tmp
%LOCALAPPDATA%\programs\kinship\is-idq6e.tmp
%LOCALAPPDATA%\programs\kinship\2020\is-mgeco.tmp
%LOCALAPPDATA%\programs\kinship\2020\is-akg1q.tmp
%LOCALAPPDATA%\programs\kinship\2020\is-frcs0.tmp
%LOCALAPPDATA%\programs\kinship\is-clm15.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-b8pli.tmp
%LOCALAPPDATA%\programs\kinship\is-u7f16.tmp
%LOCALAPPDATA%\programs\kinship\is-5kl80.tmp
%LOCALAPPDATA%\programs\kinship\is-k1ef0.tmp
%LOCALAPPDATA%\programs\kinship\is-drg9s.tmp
%LOCALAPPDATA%\programs\kinship\is-v29a3.tmp
%LOCALAPPDATA%\programs\kinship\is-igcgp.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-k7fcd.tmp
%LOCALAPPDATA%\programs\kinship\is-8ldoi.tmp
%TEMP%\is-532ms.tmp\_isetup\_setup64.tmp
%LOCALAPPDATA%\kinship\logs\sync-update.log.log
%TEMP%\is-31p24.tmp\kinshipsetup.tmp
%LOCALAPPDATA%\kinship\kinshipsetup.exe
%ALLUSERSPROFILE%\kinship\kinshiptemp-1.42.1.0\kinshipsetup.exe
unc\shnvbcn*\mailslot\net\netlogon
%LOCALAPPDATA%\programs\kinship\is-2lpap.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-fpjqk.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-qthm1.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-h4pnu.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-klv17.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-j83s3.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-odbbh.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-2jk7l.tmp
%LOCALAPPDATA%\programs\kinship\is-dh92u.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-hugo8.tmp
%LOCALAPPDATA%\programs\kinship\2017\is-fid6b.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-gbl7c.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-asdku.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-lbsqr.tmp
%LOCALAPPDATA%\programs\kinship\2016\is-hhse3.tmp
%LOCALAPPDATA%\programs\kinship\is-lmv66.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-nh7le.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-s8bt5.tmp
%LOCALAPPDATA%\programs\kinship\2015\is-a6m6n.tmp
%LOCALAPPDATA%\programs\kinship\unins000.dat

Deletes the following files

%TEMP%\is-532ms.tmp\_isetup\_setup64.tmp
%TEMP%\is-31p24.tmp\kinshipsetup.tmp
%LOCALAPPDATA%\kinship\kinshipsetup.exe
%APPDATA%\microsoft\windows\start menu\programs\startup\kinship sync.lnk

Moves the following files

from %LOCALAPPDATA%\programs\kinship\is-2lpap.tmp to %LOCALAPPDATA%\programs\kinship\unins000.exe
from %LOCALAPPDATA%\programs\kinship\is-8052s.tmp to %LOCALAPPDATA%\programs\kinship\plugin2019.addin
from %LOCALAPPDATA%\programs\kinship\2019\is-rvcts.tmp to %LOCALAPPDATA%\programs\kinship\2019\kinship2019.dll
from %LOCALAPPDATA%\programs\kinship\2019\is-blmb4.tmp to %LOCALAPPDATA%\programs\kinship\2019\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2019\is-1locj.tmp to %LOCALAPPDATA%\programs\kinship\2019\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2019\is-rg9g4.tmp to %LOCALAPPDATA%\programs\kinship\2019\e.rvt
from %LOCALAPPDATA%\programs\kinship\2019\is-us9f2.tmp to %LOCALAPPDATA%\programs\kinship\2019\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2019\is-6i5bv.tmp to %LOCALAPPDATA%\programs\kinship\2019\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-1b57o.tmp to %LOCALAPPDATA%\programs\kinship\plugin2020.addin
from %LOCALAPPDATA%\programs\kinship\2020\is-0lib0.tmp to %LOCALAPPDATA%\programs\kinship\2020\kinship2020.dll
from %LOCALAPPDATA%\programs\kinship\2020\is-6d0ke.tmp to %LOCALAPPDATA%\programs\kinship\2020\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2020\is-akg1q.tmp to %LOCALAPPDATA%\programs\kinship\2020\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2020\is-frcs0.tmp to %LOCALAPPDATA%\programs\kinship\2020\e.rvt
from %LOCALAPPDATA%\programs\kinship\2018\is-0cn9i.tmp to %LOCALAPPDATA%\programs\kinship\2018\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2018\is-jhjto.tmp to %LOCALAPPDATA%\programs\kinship\2018\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\2020\is-l4jj8.tmp to %LOCALAPPDATA%\programs\kinship\2020\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2021\is-bdqa3.tmp to %LOCALAPPDATA%\programs\kinship\2021\kinship2021.dll
from %LOCALAPPDATA%\programs\kinship\2021\is-7qscl.tmp to %LOCALAPPDATA%\programs\kinship\2021\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2021\is-8lmap.tmp to %LOCALAPPDATA%\programs\kinship\2021\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2021\is-vkdni.tmp to %LOCALAPPDATA%\programs\kinship\2021\e.rvt
from %LOCALAPPDATA%\programs\kinship\2021\is-07n6o.tmp to %LOCALAPPDATA%\programs\kinship\2021\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2021\is-vvkuv.tmp to %LOCALAPPDATA%\programs\kinship\2021\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-d0pl8.tmp to %LOCALAPPDATA%\programs\kinship\plugin2022.addin
from %LOCALAPPDATA%\programs\kinship\2022\is-mr8mv.tmp to %LOCALAPPDATA%\programs\kinship\2022\kinship2022.dll
from %LOCALAPPDATA%\programs\kinship\2022\is-11hqo.tmp to %LOCALAPPDATA%\programs\kinship\2022\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2022\is-udslt.tmp to %LOCALAPPDATA%\programs\kinship\2022\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2022\is-esd6u.tmp to %LOCALAPPDATA%\programs\kinship\2022\e.rvt
from %LOCALAPPDATA%\programs\kinship\2022\is-cabac.tmp to %LOCALAPPDATA%\programs\kinship\2022\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2020\is-mgeco.tmp to %LOCALAPPDATA%\programs\kinship\2020\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-idq6e.tmp to %LOCALAPPDATA%\programs\kinship\plugin2021.addin
from %LOCALAPPDATA%\programs\kinship\2018\is-c00m6.tmp to %LOCALAPPDATA%\programs\kinship\2018\e.rvt
from %LOCALAPPDATA%\programs\kinship\2018\is-5he7i.tmp to %LOCALAPPDATA%\programs\kinship\2018\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2018\is-nno2f.tmp to %LOCALAPPDATA%\programs\kinship\2018\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\is-igcgp.tmp to %LOCALAPPDATA%\programs\kinship\whatsnew.txt
from %LOCALAPPDATA%\programs\kinship\is-v29a3.tmp to %LOCALAPPDATA%\programs\kinship\shortcuts.xml
from %LOCALAPPDATA%\programs\kinship\is-drg9s.tmp to %LOCALAPPDATA%\programs\kinship\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\is-k1ef0.tmp to %LOCALAPPDATA%\programs\kinship\kinship.exe
from %LOCALAPPDATA%\programs\kinship\is-5kl80.tmp to %LOCALAPPDATA%\programs\kinship\microsoft.identitymodel.clients.activedirectory.dll
from %LOCALAPPDATA%\programs\kinship\is-u7f16.tmp to %LOCALAPPDATA%\programs\kinship\plugin2015.addin
from %LOCALAPPDATA%\programs\kinship\2015\is-k7fcd.tmp to %LOCALAPPDATA%\programs\kinship\2015\kinship2015.dll
from %LOCALAPPDATA%\programs\kinship\2015\is-a6m6n.tmp to %LOCALAPPDATA%\programs\kinship\2015\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2015\is-b8pli.tmp to %LOCALAPPDATA%\programs\kinship\2015\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2015\is-h4pnu.tmp to %LOCALAPPDATA%\programs\kinship\2015\e.rvt
from %LOCALAPPDATA%\programs\kinship\2015\is-s8bt5.tmp to %LOCALAPPDATA%\programs\kinship\2015\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2015\is-nh7le.tmp to %LOCALAPPDATA%\programs\kinship\2015\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-lmv66.tmp to %LOCALAPPDATA%\programs\kinship\plugin2016.addin
from %LOCALAPPDATA%\programs\kinship\is-8ldoi.tmp to %LOCALAPPDATA%\programs\kinship\license.txt
from %LOCALAPPDATA%\programs\kinship\2016\is-hhse3.tmp to %LOCALAPPDATA%\programs\kinship\2016\kinship2016.dll
from %LOCALAPPDATA%\programs\kinship\2016\is-asdku.tmp to %LOCALAPPDATA%\programs\kinship\2016\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2016\is-fpjqk.tmp to %LOCALAPPDATA%\programs\kinship\2016\e.rvt
from %LOCALAPPDATA%\programs\kinship\2016\is-gbl7c.tmp to %LOCALAPPDATA%\programs\kinship\2016\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2016\is-hugo8.tmp to %LOCALAPPDATA%\programs\kinship\2016\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-dh92u.tmp to %LOCALAPPDATA%\programs\kinship\plugin2017.addin
from %LOCALAPPDATA%\programs\kinship\2017\is-2jk7l.tmp to %LOCALAPPDATA%\programs\kinship\2017\kinship2017.dll
from %LOCALAPPDATA%\programs\kinship\2017\is-odbbh.tmp to %LOCALAPPDATA%\programs\kinship\2017\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2017\is-j83s3.tmp to %LOCALAPPDATA%\programs\kinship\2017\ncalc.dll
from %LOCALAPPDATA%\programs\kinship\2017\is-klv17.tmp to %LOCALAPPDATA%\programs\kinship\2017\e.rvt
from %LOCALAPPDATA%\programs\kinship\2017\is-qthm1.tmp to %LOCALAPPDATA%\programs\kinship\2017\microsoft.windowsapicodepack.shell.dll
from %LOCALAPPDATA%\programs\kinship\2017\is-fid6b.tmp to %LOCALAPPDATA%\programs\kinship\2017\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\programs\kinship\is-clm15.tmp to %LOCALAPPDATA%\programs\kinship\plugin2018.addin
from %LOCALAPPDATA%\programs\kinship\2018\is-7u6lg.tmp to %LOCALAPPDATA%\programs\kinship\2018\kinship2018.dll
from %LOCALAPPDATA%\programs\kinship\2016\is-lbsqr.tmp to %LOCALAPPDATA%\programs\kinship\2016\lucene.net.dll
from %LOCALAPPDATA%\programs\kinship\2022\is-l132q.tmp to %LOCALAPPDATA%\programs\kinship\2022\microsoft.windowsapicodepack.dll
from %LOCALAPPDATA%\kinship\logs\sync.log to %LOCALAPPDATA%\kinship\logs\sync.bak.log

Substitutes the following files

%LOCALAPPDATA%\kinship\logs\sync.log

Network activity

Connects to

'ap#.#inship.io':443
'microsoft.com':80

TCP

Other

'ap#.#inship.io':443

UDP

DNS ASK ap#.#inship.io
DNS ASK microsoft.com

Miscellaneous

Creates and executes the following

'%LOCALAPPDATA%\kinship\kinshipsetup.exe' /VERYSILENT /LOG="%LOCALAPPDATA%\Kinship\Logs\sync-update.log.log"
'%TEMP%\is-31p24.tmp\kinshipsetup.tmp' /SL5="$15021A,5611768,978432,%LOCALAPPDATA%\Kinship\KinshipSetup.exe" /VERYSILENT /LOG="%LOCALAPPDATA%\Kinship\Logs\sync-update.log.log"
'%TEMP%\is-532ms.tmp\_isetup\_setup64.tmp' 105 0x270
'%LOCALAPPDATA%\programs\kinship\kinship.exe' /install /msi=0

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial