Trojan.DownLoader35.58533

Technical Information

Modifies file system

Creates the following files

%TEMP%\is-rnfoo.tmp\<File name>.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-s5fsq.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-a61ov.tmp
%ProgramFiles(x86)%\twis copy\is-hs8i1.tmp
%ProgramFiles(x86)%\twis copy\is-u0lch.tmp
%ProgramFiles(x86)%\twis copy\is-j6k3b.tmp
%ProgramFiles(x86)%\twis copy\is-ceegj.tmp
%ProgramFiles(x86)%\twis copy\is-7aur3.tmp
%ProgramFiles(x86)%\twis copy\is-lklor.tmp
%ProgramFiles(x86)%\twis copy\is-6uars.tmp
%ProgramFiles(x86)%\twis copy\is-328i9.tmp
%WINDIR%\is-r7a6h.tmp
%ProgramFiles(x86)%\twis copy\help\is-33s13.tmp
%ProgramFiles(x86)%\twis copy\is-90dg5.tmp
%WINDIR%\syswow64\is-566ep.tmp
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\twis copy\twis copy.lnk
%ProgramFiles(x86)%\twis copy\skins\0\is-l57de.tmp
%ProgramFiles(x86)%\twis copy\windvdcopy.url
%ProgramFiles(x86)%\twis copy\skins\0\is-391rj.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-dt52i.tmp
%TEMP%\is-nhsvs.tmp\_isetup\_setup64.tmp
%TEMP%\is-nhsvs.tmp\_isetup\_shfoldr.dll
%TEMP%\is-nhsvs.tmp\_isetup\_isdecmp.dll
%TEMP%\is-nhsvs.tmp\_isetup\_iscrypt.dll
%ProgramFiles(x86)%\twis copy\is-4b9ca.tmp
%ProgramFiles(x86)%\twis copy\language\is-kud6m.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-175nr.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-3m3fr.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-iqfj3.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-348rm.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-4ouvq.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-2kciq.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-57j8v.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-2pac2.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-n6i0p.tmp
%ProgramFiles(x86)%\twis copy\skins\0\is-tmcem.tmp
%ProgramFiles(x86)%\twis copy\unins000.dat

Moves the following files

from %ProgramFiles(x86)%\twis copy\is-4b9ca.tmp to %ProgramFiles(x86)%\twis copy\unins000.exe
from %ProgramFiles(x86)%\twis copy\help\is-33s13.tmp to %ProgramFiles(x86)%\twis copy\help\winavi dvd copy help.chm
from %WINDIR%\is-r7a6h.tmp to %WINDIR%\windvdbootrecdoe.sys
from %ProgramFiles(x86)%\twis copy\is-328i9.tmp to %ProgramFiles(x86)%\twis copy\readme.txt
from %ProgramFiles(x86)%\twis copy\is-6uars.tmp to %ProgramFiles(x86)%\twis copy\videoburn.dll
from %ProgramFiles(x86)%\twis copy\is-lklor.tmp to %ProgramFiles(x86)%\twis copy\fileio.dll
from %ProgramFiles(x86)%\twis copy\is-7aur3.tmp to %ProgramFiles(x86)%\twis copy\aspi.dll
from %ProgramFiles(x86)%\twis copy\is-ceegj.tmp to %ProgramFiles(x86)%\twis copy\dvdcopy.dll
from %ProgramFiles(x86)%\twis copy\is-j6k3b.tmp to %ProgramFiles(x86)%\twis copy\core.dll
from %ProgramFiles(x86)%\twis copy\is-u0lch.tmp to %ProgramFiles(x86)%\twis copy\dvd2one.dll
from %ProgramFiles(x86)%\twis copy\is-hs8i1.tmp to %ProgramFiles(x86)%\twis copy\mpeg2videotranslator.dll
from %ProgramFiles(x86)%\twis copy\skins\0\is-a61ov.tmp to %ProgramFiles(x86)%\twis copy\skins\0\animation.gif
from %ProgramFiles(x86)%\twis copy\skins\0\is-s5fsq.tmp to %ProgramFiles(x86)%\twis copy\skins\0\copynow.bmp
from %ProgramFiles(x86)%\twis copy\is-90dg5.tmp to %ProgramFiles(x86)%\twis copy\mwiscopy.exe
from %ProgramFiles(x86)%\twis copy\skins\0\is-l57de.tmp to %ProgramFiles(x86)%\twis copy\skins\0\setting.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-tmcem.tmp to %ProgramFiles(x86)%\twis copy\skins\0\down.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-dt52i.tmp to %ProgramFiles(x86)%\twis copy\skins\0\wizard.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-n6i0p.tmp to %ProgramFiles(x86)%\twis copy\skins\0\splash.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-2pac2.tmp to %ProgramFiles(x86)%\twis copy\skins\0\min.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-57j8v.tmp to %ProgramFiles(x86)%\twis copy\skins\0\menu.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-2kciq.tmp to %ProgramFiles(x86)%\twis copy\skins\0\help.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-4ouvq.tmp to %ProgramFiles(x86)%\twis copy\skins\0\close.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-348rm.tmp to %ProgramFiles(x86)%\twis copy\skins\0\web.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-iqfj3.tmp to %ProgramFiles(x86)%\twis copy\skins\0\buynow.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-3m3fr.tmp to %ProgramFiles(x86)%\twis copy\skins\0\background.bmp
from %ProgramFiles(x86)%\twis copy\skins\0\is-175nr.tmp to %ProgramFiles(x86)%\twis copy\skins\0\skin.ini
from %ProgramFiles(x86)%\twis copy\language\is-kud6m.tmp to %ProgramFiles(x86)%\twis copy\language\english.ini
from %ProgramFiles(x86)%\twis copy\skins\0\is-391rj.tmp to %ProgramFiles(x86)%\twis copy\skins\0\select.bmp
from %WINDIR%\syswow64\is-566ep.tmp to %WINDIR%\syswow64\sqlite3.dll

Network activity

TCP

'ma#####amenameper.club':443

UDP

DNS ASK ma#####amenameper.club

Miscellaneous

Searches for the following windows

ClassName: 'BE20112D-E453-11D1-945A-0C04FB9804F9' WindowName: ''

Creates and executes the following

'%TEMP%\is-rnfoo.tmp\<File name>.tmp' /SL5="$B0218,4168578,211456,<Full path to file>"
'%ProgramFiles(x86)%\twis copy\mwiscopy.exe'

Your browser is obsolete!

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial

Doctor Web in social networks

For Telegram

Other Dr.Web resources