Sus/Behav-168

Category: Suspicious behaviour and suspicious files
Type: Suspicious file
Protection available since: 20 Aug 2008 17:16:52 (GMT)
Last updated: 08 Jul 2011 17:49:42 (GMT)

Summary

Files detected as Sus/Behav-168 exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Behav-168 follow:

Example 1

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • wow.aktash123.com

Example 2

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • tap.aktash123.com

Example 3

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • tap.aktash123.com
