%Program Files% (x86)\STOPzilla\Drivers\amd64\wlh\sbfw.sys (262 bytes)Ĭ:\Users\'%CurrentUserName%'\AppData\Local\Temp\DRVSetup\SetupDrv.log (17489 bytes)Ĭ:\Windows\System32\drivers\sbapifs.sys (90 bytes)Ĭ:\Windows\System32\drivers\SbFw.sys (1543 bytes) %Program Files% (x86)\STOPzilla\Drivers\amd64\wlh\SBWTIS.sys (90 bytes) %Program Files% (x86)\STOPzilla\Drivers\amd64\wlh\sbhips.sys (65 bytes)Ĭ:\Windows\System32\drivers\sbhips.sys (65 bytes) %Program Files% (x86)\STOPzilla\Drivers\amd64\sbapifs.sys (90 bytes) %Program Files% (x86)\STOPzilla\Drivers\amd64\wnet\SbFwIm.sys (122 bytes) The Trojan creates and/or writes to the following file(s):Ĭ:\Windows\System32\drivers\sbwtis.sys (90 bytes) The process SBSetupDrivers.exe:3152 makes changes in the file system. The following mutexes were created/opened:
The Trojan injects its code into the following process(es): The Trojan creates the following process(es): The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.Ī bot can communicate with command and control servers via IRC channel. It writes its executable and creates 'autorun.inf' scripts on all removable drives.
