HPsus/Palevo-B

Category: Suspicious behavior and suspicious files
Type: Suspicious file
Protection available since: 03 Oct 2011 20:32:14 (GMT)
Last updated: 03 Oct 2011 20:32:14 (GMT)


Examples of HPsus/Palevo-B include:

Example 1

File Information

Size: 113K
SHA-1: 0c2a1a39ad820ff1d1e6d2e26d42fb7e240e2419
MD5: f26e6765daeb61a83f9200f14230f19a
CRC-32: 41f81b32
File type: application/x-ms-dos-executable
First seen: 2011-02-01

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\yeawl.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\yeawl.exe
DNS Requests
  • jebena.ananikolic.su
  • peer.pickeklosarske.ru

Example 2

File Information

Size: 113K
SHA-1: 0cafc902a33876aad534f17479a533e70249ee61
MD5: 6095a71d59ce36a119c71bdc18b68965
CRC-32: eeb1cc7f
File type: Windows executable
First seen: 2010-12-13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\yeawl.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\yeawl.exe
DNS Requests
  • jebena.ananikolic.su
  • peer.pickeklosarske.ru

Example 3

File Information

Size: 129K
SHA-1: 0df24ca863cf1396292388fbda33174c9aef350f
MD5: 912e2870d8eda6c57a1d63e74a606ef0
CRC-32: 97381558
File type: application/x-ms-dos-executable
First seen: 2010-10-08

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\rmhzb.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\Application Data\rmhzb.exe
DNS Requests
  • jebena.ananikolic.su
  • peer.pickeklosarske.ru
  • teske.pornicarke.com
