Win32/StoneDrill [Threat Name]

Win32/StoneDrill.A [Threat Variant Name]

Category: trojan
Size: 195072 B
Detection created: Mar 07, 2017
Detection database version: 15049
Short description

Win32/StoneDrill.A is a trojan that deletes all files on the local and removable drives. The trojan can overwrite the entire contents of the drives with random data.

Installation

The trojan does not create any copies of itself.

The trojan creates the following files:

  • %temp%\C-Dlt-C-Trsh-T.tmp
  • %temp%\C-Dlt-C-Org-T.vbs

The trojan executes the following command:

  • cmd /c WMIC Process Call Create "C:\Windows\System32\Wscript.exe /NOLOGO %temp%\C-Dlt-C-Org-T.vbs"

Then the trojan deletes these files.

The trojan then removes itself from the computer.

Payload information

The trojan creates and runs a new thread with its own program code within the following processes:

  • %programfilesx86%\Internet Explorer\iexplore.exe
  • %variable1%

Instead of %variable1%, the value(s) are taken from the following Registry entry:

  • [HKEY_CLASSES_ROOT\%variable2%\shell\open\command]
    • "(Default)"

Instead of %variable2%, the value(s) are taken from the following Registry entries:

  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
    • "ProgId"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
    • "ProgId"

Win32/StoneDrill.A is a trojan that deletes all files on the local and removable drives.

The trojan can overwrite the entire contents of the drives with random data.

The trojan can perform a DoS attack by writing a massive amount of data to storage drives.


The trojan may create the following files:

  • %driveroot%\asdhgasdasdwqe%variable%

A variable numerical value is used instead of %variable%.
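As an added example (not part of the ESET entry), a small Python hunting routine that flags the indicators listed in the Installation and Payload information sections above in process-creation and file-creation events: the WMIC-launched Wscript.exe command line, the two helper files in %temp%, and the drive-root "asdhgasdasdwqe<number>" file. The event records are constructed here, and their field names ("type", "cmdline", "path") are assumptions standing in for whatever an EDR or Sysmon export provides.

```python
import re

# Constructed sample events (not from the ESET entry); the field names are
# assumptions mimicking a generic EDR / Sysmon-style export.
SAMPLE_EVENTS = [
    {"type": "process",
     "cmdline": r'cmd /c WMIC Process Call Create "C:\Windows\System32\Wscript.exe '
                r'/NOLOGO C:\Users\u\AppData\Local\Temp\C-Dlt-C-Org-T.vbs"'},
    {"type": "process", "cmdline": r"cmd /c dir C:\Users\u"},
    {"type": "file", "path": r"C:\Users\u\AppData\Local\Temp\C-Dlt-C-Trsh-T.tmp"},
    {"type": "file", "path": r"C:\Users\u\AppData\Local\Temp\C-Dlt-C-Org-T.vbs"},
    {"type": "file", "path": r"D:\asdhgasdasdwqe1037"},
    {"type": "file", "path": r"C:\Users\u\Documents\report.docx"},
]

# Indicators taken from the Installation and Payload information sections.
# WMIC "Process Call Create" launching Wscript.exe /NOLOGO on the dropped VBS.
WMIC_WSCRIPT_RE = re.compile(
    r"wmic\s+process\s+call\s+create\s+.*wscript\.exe\s+/nologo\s+.*\\c-dlt-c-org-t\.vbs",
    re.IGNORECASE)
# The two helper files written to %temp% and deleted again after use.
TEMP_DROP_RE = re.compile(r"\\temp\\c-dlt-c-(trsh-t\.tmp|org-t\.vbs)$", re.IGNORECASE)
# The drive-root file "asdhgasdasdwqe<number>" used to fill the disk.
DRIVEROOT_RE = re.compile(r"^[a-z]:\\asdhgasdasdwqe\d+$", re.IGNORECASE)


def classify(event):
    """Return a detection tag for one event, or None if it matches no indicator."""
    if event["type"] == "process" and WMIC_WSCRIPT_RE.search(event["cmdline"]):
        return "stonedrill_wmic_wscript_launch"
    if event["type"] == "file":
        if TEMP_DROP_RE.search(event["path"]):
            return "stonedrill_temp_helper_file"
        if DRIVEROOT_RE.match(event["path"]):
            return "stonedrill_driveroot_fill_file"
    return None


def scan(events):
    """Return (event, tag) pairs for every event that matches an indicator."""
    hits = []
    for event in events:
        tag = classify(event)
        if tag:
            hits.append((event, tag))
    return hits


if __name__ == "__main__":
    for event, tag in scan(SAMPLE_EVENTS):
        print(tag, event.get("cmdline") or event.get("path"))
```

The %temp% files are deleted shortly after use, so the file-creation rule only fires if creation events are collected; the WMIC command line is the longer-lived record in process logs.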

Other information

The trojan can detect the presence of virtual environments and sandboxes.
