HPsus/KrnPtch-A

Category: Suspicious behavior and files
Protection available since: 12 Mar 2012 16:50:11 (GMT)
Type: Suspicious file
Last updated: 12 Mar 2012 16:50:11 (GMT)

Examples of HPsus/KrnPtch-A include:

Example 1

File Information

Size
31K
SHA-1
010cbcdfdfe3f8917e480ec65fd3b6b1c07dfb02
MD5
ca4fa2d7cbaaa97862f9290b7341c89a
CRC-32
bcb93f8a
File type
application/x-ms-dos-executable
First seen
2012-01-25

Runtime Analysis

Copies Itself To
  • C:\Program Files\Common Files\rfdltecq\nfoifz.pif
Dropped Files
  • C:\WINDOWS\system32\112250.DLL
    Size
    13M
    SHA-1
    2c8361516473e6ac83a7a59866a8807eed26dc9b
    MD5
    db7e648d6b84b3c30002ad578afe3370
    CRC-32
    dd8fb315
    File type
    application/x-ms-dos-executable
    First seen
    2012-01-25
Registry Keys Modified
  • HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
    (Default)
    C:\WINDOWS\system32\112250.DLL
HTTP Requests
  • http://n.7i00.com/s.gif
DNS Requests
  • n.7i00.com

Example 2

File Information

Size
188K
SHA-1
0160d71777e3235fbdd958a4949ca32b9a906182
MD5
344aa6940491e50b9ffd9071fae1e85c
CRC-32
d17d72b8
File type
application/x-ms-dos-executable
First seen
2012-01-10

Runtime Analysis

Copies Itself To
  • C:\Program Files\Common Files\rfdltecq\nfoifz.pif
Dropped Files
  • C:\WINDOWS\system32\254984.DLL
    Size
    13M
    SHA-1
    1a2abed38243026415804b6f89dc64ca064a09b9
    MD5
    4b6f30b441498a2ce629efdc3cf5340a
    CRC-32
    984b0aa6
    File type
    application/x-ms-dos-executable
    First seen
    2011-12-16
Registry Keys Modified
  • HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
    (Default)
    C:\WINDOWS\system32\254984.DLL
HTTP Requests
  • http://l.7i00.com/s.gif
DNS Requests
  • l.7i00.com

Example 3

File Information

Size
189K
SHA-1
2c49ef10fa4f36a7106dce4e7d14c71fd09354bb
MD5
7c3617dd6f92e4573e2c2fad65d8899e
CRC-32
37ed19e2
File type
application/x-ms-dos-executable
First seen
2012-01-09

Runtime Analysis

Copies Itself To
  • C:\Program Files\Common Files\rfdltecq\nfoifz.pif
Dropped Files
  • C:\WINDOWS\system32\105156.DLL
    Size
    13M
    SHA-1
    1a2abed38243026415804b6f89dc64ca064a09b9
    MD5
    4b6f30b441498a2ce629efdc3cf5340a
    CRC-32
    984b0aa6
    File type
    application/x-ms-dos-executable
    First seen
    2011-12-16
Registry Keys Modified
  • HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32
    (Default)
    C:\WINDOWS\system32\105156.DLL
HTTP Requests
  • http://l.7i00.com/s.gif
DNS Requests
  • l.7i00.com
