HPsus/OSMod-A

Category: Suspicious behavior and suspicious files
Typ: Suspicious behavior

Summary

Files detected as HPsus/OSMod-A exhibit suspicious behavior.

Detailed analysis

Example behaviors of HPsus/OSMod-A follow:

Example 1

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\support\support.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    support
    C:\Documents and Settings\support\support.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
  • ns1.theimageparlour.net

Example 2

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\support\support.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    support
    43 3a 5c 44 6f 63 75 6d 65 6e 74 73 20 61 6e 64 20 53 65 74 74 69 6e 67 73 5c 73 75 70 70 6f 72 74 5c 73 75 70 70 6f 72 74 2e 65 78 65 00 3b 0d 6e 08 00 00 4f 00 00 00 0c 00 54 00 00 00 00 00 00 00 00 00 b8 26 40 00 80 95 40 00 59 54 46 53 55 43 4f 58 00 00 00 00 02 00 00 00 5c 00 00 00 04 00 00 00
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
  • ns1.theimageparlour.net

Example 3

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\support\support.exe
  • C:\Documents and Settings\support\OCOURBYKV.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    support
    C:\Documents and Settings\support\support.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\windows\system32\ntvdm.exe
HTTP Requests
  • http://imagehut2.cn/data/data.dat
DNS Requests
  • imagehut2.cn
