SonicWall Security Center

Tepfer.ADQC (high risk alert)

SonicWALL wants to make you aware of the "Tepfer.ADQC" virus that is spreading across the Internet. A high risk alert has been issued for this threat.

Tepfer.ADQC is an infostealer that usually spreads via spam emails with malicious attachments. Upon execution it mines the victim machine for vital information, then downloads and executes different trojan variants on the victim machine.

File Related Changes
It drops the following file(s) on the system:
  • "c:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQUQ9Q00\dotp10[1].exe"
  • "c:\Users\Admin\AppData\Local\Temp\lrtsdnn.exe"
  • "c:\Users\Admin\AppData\Local\Temp\jkgfddk.exe"
  • "c:\Users\Admin\AppData\Local\Temp\TOVA7DA.bat"
  • "c:\Users\Admin\AppData\Roaming\Fecyz\qimexe.exe"

Process Related Changes
It creates the following mutex(es):
  • "Global\{BA78B64B-4ED8-EC72-FA3A-B06ED20F9373}"
  • "IESQMMUTEX_0_208"

It creates the following process(es):
  • C:\Users\Admin\AppData\Roaming\Fecyz\qimexe.exe
  • C:\Users\Admin\AppData\Local\Temp\lrtsdnn.exe
  • C:\Users\Admin\AppData\Local\Temp\jkgfddk.exe
  • C:\Windows\system32\cmd.exe

It injects malicious code into the following process(es):
  • "C:\Windows\system32\taskhost.exe"
  • "C:\Windows\system32\Dwm.exe"
  • "C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe"

Network Activity
It attempts to connect to the following remote servers:
  • (64.50.1xxxxxx)
  • (157.56.xxxxxx)

We observed the following DNS query/queries:

Registry Related Changes
It makes the following registry modifications to ensure infection after system reboot:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\qimexe = C:\Users\Admin\AppData\Roaming\Fecyz\qimexe.exe

© 2019 SonicWall