Malware Second Analysis Wollf Malware Ones Core System

Malware Second Analysis Wollf Malware - Ones. Core System Team -



if (argc <= 1)
  Calls WSAStartup()
  Calls CopyFileA()
    Copy: Malware.exe to C:/windows/system32/wrm.exe
  Calls CreateServiceA()


SC_HANDLE WINAPI CreateService(
  _In_      SC_HANDLE hSCManager,        (manager handle)
  _In_      LPCTSTR   lpServiceName,     (WRM) (service name)
  _In_opt_  LPCTSTR   lpDisplayName,     (Wollf Remote Manager) (display name)
  _In_      DWORD     dwDesiredAccess,   (0x0f01ff)
  _In_      DWORD     dwServiceType,     (120)
      // 0x20: Service that shares a process with one or more other services.
      // 0x100: The service can interact with the desktop. If you specify either SERVICE_WIN32_OWN_PROCESS or SERVICE_WIN32_SHARE_PROCESS, and the service is running in the context of the LocalSystem account, you can also specify the following value. ??
  _In_      DWORD     dwStartType,       (2)
      // 0x2: A service started automatically by the service control manager during system startup.
  _In_      DWORD     dwErrorControl,    (1)
  _In_opt_  LPCTSTR   lpBinaryPathName,  (full path) registered as C:/windows/system32/wrm.exe –start
  _In_opt_  LPCTSTR   lpLoadOrderGroup,  (0)
  _Out_opt_ LPDWORD   lpdwTagId,         (0)
  _In_opt_  LPCTSTR   lpDependencies,    (Null space)
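
A defensive check built from the CreateService arguments above, as an added example (not from the original slides): it matches service registry entries (HKLM\SYSTEM\CurrentControlSet\Services\<name>) against the slide's indicators. The function names, hit labels and sample entries are constructed, and reading the slide's service type (120) as 0x120 is an assumption.

```python
import ntpath

# Indicators from the slide's CreateService arguments. The slide shows the
# service type as (120); reading it as 0x20 | 0x100 is an assumption.
SERVICE_NAME = "wrm"
DISPLAY_NAME = "wollf remote manager"
IMAGE_PATH = "c:\\windows\\system32\\wrm.exe"
SHARE_PROCESS, INTERACTIVE, AUTO_START = 0x20, 0x100, 2
# The slide prints an en dash before "start" (likely auto-corrected); accept both.
START_ARGS = {"-start", "\u2013start"}

def split_image_path(image_path):
    """Split a service ImagePath into (normalized exe path, argument list)."""
    text = image_path.strip()
    if text.startswith('"'):
        exe, _, rest = text[1:].partition('"')
    else:
        exe, _, rest = text.partition(" ")
    return ntpath.normpath(exe).lower(), rest.split()

def match_service(key_name, values):
    """Return the slide indicators matched by one Services registry entry."""
    hits = []
    exe, args = split_image_path(values.get("ImagePath", ""))
    if key_name.lower() == SERVICE_NAME:
        hits.append("service-name")
    if values.get("DisplayName", "").lower() == DISPLAY_NAME:
        hits.append("display-name")
    if exe == IMAGE_PATH:
        hits.append("image-path")
    if any(a.lower() in START_ARGS for a in args):
        hits.append("start-argument")
    svc_type = values.get("Type", 0)
    if (svc_type & SHARE_PROCESS and svc_type & INTERACTIVE
            and values.get("Start") == AUTO_START):
        hits.append("interactive-autostart")
    return hits

def scan(services):
    """Map service key name -> matched indicators, skipping clean entries."""
    return {k: h for k, v in services.items() if (h := match_service(k, v))}

# Constructed sample entries; value names are those stored under the Services key.
SAMPLE = {
    "WRM": {"DisplayName": "Wollf Remote Manager", "Type": 0x120, "Start": 2,
            "ErrorControl": 1, "ImagePath": "C:/windows/system32/wrm.exe -start"},
    "ExampleSvc": {"DisplayName": "Example Service", "Type": 0x110, "Start": 2,
                   "ImagePath": "C:\\Windows\\System32\\example.exe"},
    "RenamedSvc": {"DisplayName": "Helper", "Type": 0x10, "Start": 3,
                   "ImagePath": '"C:\\WINDOWS\\System32\\wrm.exe" \u2013start'},
}
```

The "interactive-autostart" hit alone is a weak signal; the name, display name and image path hits are the ones tied to the values on the slide.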