Mal/EncPk-AEI

Category: Viruses and Spyware
Protection available since: 07 May 2012 16:33:02 (GMT)
Type: Malicious behavior
Last updated: 07 May 2012 16:33:02 (GMT)
Prevalence:


Examples of Mal/EncPk-AEI include:

Example 1

File Information

Size: 105K
SHA-1: af3fcb4bdc9ab45f9e3d620eb6663ad029cfd4bd
MD5: fe18d433eb8933fa289b5d9a00e2f5c7
CRC-32: aab39d6c
File type: application/x-ms-dos-executable
First seen: 2012-05-04

Example 2

File Information

Size: 113K
SHA-1: 09a4ca7d15f2c62a11830cb0e630ccf17733110f
MD5: ee9514c2cc5867d098c1525d76d54332
CRC-32: 0bad37a9
File type: application/x-ms-dos-executable
First seen: 2012-05-02

Other vendor detection

Kaspersky
HEUR:Worm.Win32.Generic

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\mdm.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\windows\mdm.exe
    c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
Processes Created
  • c:\windows\mdm.exe
  • c:\windows\system32\netsh.exe
IP Connections
  • 49.61.182.240:1986
DNS Requests
  • hd.hidbiz.ru
