Troj/Ransom-ADE

Category: Viruses and Spyware
Protection available since: 18 Oct 2013 01:54:03 (GMT)
Type: Trojan
Last updated: 12 Dec 2013 21:33:57 (GMT)
Prevalence:


Examples of Troj/Ransom-ADE include:

Example 1

File Information

Size
353K
SHA-1
016409e124f98d565c5a5fa3d3b2428152259df7
MD5
a93d75cb6f72c1847c3f5afc9c94bbbb
CRC-32
c56c1a9d
File type
Windows executable
First seen
2013-10-23

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\Kedinjdwvypfrv.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Local Settings\Application Data\Kedinjdwvypfrv.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *CryptoLocker
    "c:\Documents and Settings\test user\Local Settings\Application Data\Kedinjdwvypfrv.exe"
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\kedinjdwvypfrv.exe
DNS Requests
  • hskvbipksouaqto.biz
  • ichglksaagvvdmw.info
  • kgfpptnxydunvxo.net
  • pbxksllrmivxhjc.org
  • weehpyhdmhiyecl.com
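The hashes in the File Information sections are the most direct way to confirm that a file on disk is one of the listed samples. The Python below is an added example and not part of the Sophos listing: it computes SHA-1, MD5 and CRC-32 in a single pass over the file (the CRC-32 is assumed to be the standard zip/zlib polynomial, which is what zlib.crc32 produces) and walks a directory tree for matches. The indicator tables are copied from the File Information sections of Examples 1 to 3 on this page; the scanned files are constructed test data, because the real sample is not available here, so the demo plants a stand-in whose hash is added to the indicator table at run time. Note that the three droppers share behaviour but not hashes, so a hash match only ever catches the exact binaries listed.

```python
import hashlib
import io
import os
import tempfile
import zlib
from pathlib import Path

CHUNK_SIZE = 1 << 20  # hash in 1 MiB chunks so large files need not fit in memory

# SHA-1 indicators copied from the File Information sections of this listing.
# The dropped-file hashes matter as much as the droppers: they stay on disk
# after the installer has deleted itself.
SHA1_INDICATORS = {
    "016409e124f98d565c5a5fa3d3b2428152259df7": "Troj/Ransom-ADE Example 1 dropper",
    "062a8ef7430c61d87a1852e1c503b4781d6789b6": "Troj/Ransom-ADE Example 2 dropper",
    "16af2013f81341e097f01f5244e6bbe6265d72cd": "Troj/Ransom-ADE Example 3 dropper",
    "4609b71a39eef100dbe5f9b569f52d5fdf6772bc": "Example 2 dropped file bzchgt.wwf",
    "bbe83304dd989c77264a8f1a9d116d78ed3a2f98": "Example 2 dropped file mile.rln",
    "5c280bfc00c1dbda2e7b4a5ddc1f731584918153": "Example 2 dropped file wxcpji.gew",
    "2e957a306a2e62933abeda0e3fde1b98c0a583cf": "Example 3 dropped file mile.rln",
    "7c9ffc9dbc79a0fa4c72619f3bea6523a7015136": "Example 3 dropped file wxcpji.gew",
    "022e38bc7c861ccaa2af6a0dc38c56cd8a5c8dcb": "Example 3 dropped file bzchgt.wwf",
}
# MD5 for feeds that only carry MD5. MD5 collisions are practical, so treat an
# MD5-only match as a lead to confirm by SHA-1 (or SHA-256), not as proof.
MD5_INDICATORS = {
    "a93d75cb6f72c1847c3f5afc9c94bbbb": "Troj/Ransom-ADE Example 1 dropper",
    "c8edabf40c6cf341916c75f4cea153ca": "Troj/Ransom-ADE Example 2 dropper",
    "8a7e2f34f8a6f5334bb16c4e8ed62e90": "Troj/Ransom-ADE Example 3 dropper",
}


def digests_of_stream(stream) -> dict:
    """Read a binary stream once and return sha1, md5, crc32 (hex) and size."""
    sha1, md5, crc, size = hashlib.sha1(), hashlib.md5(), 0, 0
    for chunk in iter(lambda: stream.read(CHUNK_SIZE), b""):
        sha1.update(chunk)
        md5.update(chunk)
        crc = zlib.crc32(chunk, crc)  # running CRC, same polynomial as zip
        size += len(chunk)
    return {"sha1": sha1.hexdigest(), "md5": md5.hexdigest(),
            "crc32": f"{crc & 0xFFFFFFFF:08x}", "size": size}


def digests_of_bytes(data: bytes) -> dict:
    return digests_of_stream(io.BytesIO(data))


def digests_of_file(path) -> dict:
    with open(path, "rb") as fh:
        return digests_of_stream(fh)


def match_indicators(digests, sha1_indicators=SHA1_INDICATORS, md5_indicators=MD5_INDICATORS):
    """Label for a known sample, or None. SHA-1 is consulted before MD5."""
    return sha1_indicators.get(digests["sha1"]) or md5_indicators.get(digests["md5"])


def scan_tree(root, sha1_indicators=SHA1_INDICATORS, md5_indicators=MD5_INDICATORS):
    """Walk root and return (relative path, sha1, label) for every indicator hit."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                d = digests_of_file(path)
            except OSError:
                continue  # unreadable or vanished file; keep walking
            label = match_indicators(d, sha1_indicators, md5_indicators)
            if label:
                hits.append((str(path.relative_to(root)), d["sha1"], label))
    return hits


def scan_constructed_demo():
    """Build a constructed profile tree and scan it. The planted file is a
    stand-in for Kedinjdwvypfrv.exe, not the real sample, so its hash is added
    to a copy of the indicator table before scanning."""
    planted = b"MZ\x90\x00constructed stand-in for Kedinjdwvypfrv.exe, not the real sample\n"
    benign = b"quarterly report draft\n"
    indicators = dict(SHA1_INDICATORS)
    indicators[digests_of_bytes(planted)["sha1"]] = "constructed test file standing in for Kedinjdwvypfrv.exe"
    with tempfile.TemporaryDirectory() as tmp:
        appdata = Path(tmp) / "Local Settings" / "Application Data"
        appdata.mkdir(parents=True)
        (appdata / "Kedinjdwvypfrv.exe").write_bytes(planted)
        (Path(tmp) / "My Documents").mkdir()
        (Path(tmp) / "My Documents" / "notes.txt").write_bytes(benign)
        return scan_tree(tmp, sha1_indicators=indicators)


if __name__ == "__main__":
    for rel, sha1, label in scan_constructed_demo():
        print(f"{sha1}  {rel}  <- {label}")
```

To run it against a real profile, call scan_tree with the profile root and the unmodified indicator tables; the demo only exists so the block runs offline.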

Example 2

File Information

Size
158K
SHA-1
062a8ef7430c61d87a1852e1c503b4781d6789b6
MD5
c8edabf40c6cf341916c75f4cea153ca
CRC-32
83c1f9ac
File type
Windows executable
First seen
2013-09-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\dlc.xmm
Dropped Files
  • C:\WINDOWS\bzchgt.wwf
    Size
    1.2K
    SHA-1
    4609b71a39eef100dbe5f9b569f52d5fdf6772bc
    MD5
    fa5a99968cc45920e98250cfd65b6f6c
    CRC-32
    dd31ea7d
    File type
    Unspecified binary - probably data
    First seen
    2013-09-29
  • C:\WINDOWS\mile.rln
    Size
    209K
    SHA-1
    bbe83304dd989c77264a8f1a9d116d78ed3a2f98
    MD5
    08dad7f28882f298d55090b95ee3436f
    CRC-32
    b74b1a56
    File type
    Unspecified binary - probably data
    First seen
    2013-09-29
  • C:\Documents and Settings\All Users\Application Data\gfgyq\wxcpji.gew
    Size
    4.7K
    SHA-1
    5c280bfc00c1dbda2e7b4a5ddc1f731584918153
    MD5
    6f55d35b6d0f5db12c47cbce6c944c8a
    CRC-32
    e9bba7fb
    File type
    Unspecified binary - probably data
    First seen
    2013-09-29
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\dlc.xmm,explorer.exe
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • axuoeavab.org
  • byqpxotf.org
  • cnpywoubv.biz
  • cnuiqfq.org
  • cqjcvbxmiy.ru
  • dxxonzeqsi.biz
  • ekdfeuxnzo.ru
  • eokbrxqq.info
  • ffyhwdmzqv.com
  • gghogy.biz
  • gjuujdx.info
  • gtwwykwz.ru
  • instotsvin.ru
  • izismaujw.ru
  • jdonziuyr.info
  • jiqlaonemq.org
  • jowhnhos.net
  • jvftdvow.org
  • kgyjzpoarse.org
  • kngwhfbied.net
  • krururbjfj.info
  • lbugcwegu.biz
  • microsoft.com
  • nanpfqojyq.org
  • odswwr.com
  • oxipftnpm.net
  • ucxkmzk.biz
  • umtnvmgxki.org
  • uyhyovgxeut.ru
  • vluhhjm.info
  • zhbyamj.com
  • zktkzss.com
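The listing shows two persistence mechanisms: Example 1 writes CryptoLocker values under HKCU Run and RunOnce, and Example 2 replaces the HKCU Winlogon Shell value with its own binary followed by explorer.exe, so Winlogon still launches the desktop and nothing looks wrong to the user. A leading asterisk on a RunOnce value name makes Windows run it even in Safe Mode, which is the effect of the *CryptoLocker value in Example 1. Both can be checked offline against a registry export. The Python below is an added example, not part of the Sophos listing: a minimal parser for the REG_SZ values in a .reg export and three rules over Run, RunOnce and Winlogon\Shell. The export is constructed; its malicious entries copy the values shown above, while the OneDrive entry and the HKLM Shell value are benign controls. The "Documents and Settings\...\Local Settings\Application Data" paths are Windows XP-era; on current Windows the same locations are %LOCALAPPDATA% and %APPDATA%, which the rule below also matches.

```python
import re
from dataclasses import dataclass, field

# Constructed .reg export (not captured from a real machine). The three malicious
# values reproduce the Run, RunOnce and Winlogon\Shell entries from Examples 1 and 2;
# the OneDrive value and the HKLM Shell value are benign controls.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\test user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"CryptoLocker"="\"c:\\Documents and Settings\\test user\\Local Settings\\Application Data\\Kedinjdwvypfrv.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*CryptoLocker"="\"c:\\Documents and Settings\\test user\\Local Settings\\Application Data\\Kedinjdwvypfrv.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="c:\\Documents and Settings\\test user\\Application Data\\dlc.xmm,explorer.exe"
"""


@dataclass
class Finding:
    severity: str            # "high", "medium" or "review"
    key: str
    name: str
    image: str
    reasons: list = field(default_factory=list)


SEVERITY_RANK = {"review": 0, "medium": 1, "high": 2}
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote inside REG_SZ data.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str):
    """Return (key, value name, data) for named values in a .reg export.
    dword:/hex: data is passed through raw; the rules only inspect REG_SZ."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            continue
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        entries.append((key, _unescape(m.group(1)), data))
    return entries


def _command_image(command: str) -> str:
    """Executable path from an autorun command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def check_persistence(entries):
    findings = []
    for key, name, value in entries:
        k, reasons = key.lower(), []
        if k.endswith("\\windows nt\\currentversion\\winlogon") and name.lower() == "shell":
            # Winlogon runs every comma-separated entry, so "x.xmm,explorer.exe"
            # still gives the user a normal desktop. Anything but a lone explorer.exe is suspect.
            shells = [s.strip().lower() for s in value.split(",") if s.strip()]
            if shells != ["explorer.exe"]:
                reasons.append(("high", f"Winlogon Shell is {value!r} instead of explorer.exe"))
            image = value
        elif k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce"):
            image = _command_image(value)
            if "cryptolocker" in name.lower():
                reasons.append(("high", "value name matches the Troj/Ransom-ADE indicator"))
            if k.endswith("\\runonce") and name.startswith("*"):
                reasons.append(("medium", "asterisk prefix makes RunOnce execute even in Safe Mode"))
            if any(p in image.lower() for p in USER_WRITABLE):
                # Noisy on its own: legitimate per-user installers (OneDrive) live here too.
                reasons.append(("review", "autorun image lives in a user-writable profile directory"))
        else:
            continue
        if reasons:
            severity = max((r[0] for r in reasons), key=SEVERITY_RANK.__getitem__)
            findings.append(Finding(severity, key, name, image, [r[1] for r in reasons]))
    return findings


def analyze_reg_text(text: str):
    return check_persistence(parse_reg(text))


if __name__ == "__main__":
    for f in analyze_reg_text(SAMPLE_REG_EXPORT):
        print(f"[{f.severity:6}] {f.key}\\{f.name} -> {f.image}")
        for r in f.reasons:
            print(f"          {r}")
```

On the constructed export this yields one "review" finding (OneDrive, which a reviewer dismisses) and three "high" findings. The profile-directory rule is deliberately rated low because on its own it is a poor signal; the Winlogon Shell rule has almost no legitimate positives and should be treated as high wherever it fires.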

Example 3

File Information

Size
169K
SHA-1
16af2013f81341e097f01f5244e6bbe6265d72cd
MD5
8a7e2f34f8a6f5334bb16c4e8ed62e90
CRC-32
169368c6
File type
Windows executable
First seen
2013-10-21

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\dlc.xmm
Dropped Files
  • C:\WINDOWS\mile.rln
    Size
    266K
    SHA-1
    2e957a306a2e62933abeda0e3fde1b98c0a583cf
    MD5
    746a2a7687e7ea6640e87bcd99faaffe
    CRC-32
    5ca12a8e
    File type
    Unspecified binary - probably data
    First seen
    2013-10-21
  • C:\Documents and Settings\All Users\Application Data\gfgyq\wxcpji.gew
    Size
    52K
    SHA-1
    7c9ffc9dbc79a0fa4c72619f3bea6523a7015136
    MD5
    047767b0c1556248fbd4870fe179cc18
    CRC-32
    fc43f17a
    File type
    Unspecified binary - probably data
    First seen
    2013-10-21
  • C:\WINDOWS\bzchgt.wwf
    Size
    68K
    SHA-1
    022e38bc7c861ccaa2af6a0dc38c56cd8a5c8dcb
    MD5
    1e01e4e5c5a982b379a4d0e6087b76ae
    CRC-32
    4973250f
    File type
    Unspecified binary - probably data
    First seen
    2013-10-21
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\dlc.xmm,explorer.exe
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • azktsmeifdo.ru
  • clyeekrp.ru
  • cteaackl.biz
  • cuexltncyw.net
  • edunxupxzw.info
  • frymrpaov.ru
  • ggfiuqim.biz
  • gtrjrrtqfw.com
  • hgcsnq.net
  • instotsvin.ru
  • llxeheqa.biz
  • lmnyzhxjxc.org
  • mboqrqkr.biz
  • microsoft.com
  • nhjadetm.org
  • nyprnkiptz.ru
  • qbmulwhjqzs.com
  • qyrlxvrj.ru
  • rjmnnliwyy.net
  • scurrnv.net
  • tcgoxu.org
  • tiplurbltj.biz
  • tshmbuw.net
  • uvfdznsr.ru
  • viddrm.info
  • viszzspn.info
  • vlyrmwgde.com
  • xzkiqxddm.net
  • yhyludnja.info
  • yvlbixzupmm.org
  • zqjmrtcgv.net
  • ztwhgwv.com
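The DNS request lists of all three examples consist of short random-looking names spread across .biz, .info, .net, .org, .com and .ru, with almost no overlap between samples: only instotsvin.ru and microsoft.com appear in more than one list (Examples 2 and 3). Blocking the individual names is therefore of little value; what a responder wants is to separate the one-off algorithmically generated names from the few domains that recur. The Python below is an added example, not part of the Sophos listing. It applies a crude lexical filter (longest consonant run and vowel ratio of the second-level label) and counts in how many samples each domain was seen. The domain lists are copied from the Runtime Analysis sections above: all five from Example 1 and a subset of Examples 2 and 3 chosen to include both recurring domains.

```python
from collections import Counter

VOWELS = set("aeiou")

# DNS requests copied from this listing: all of Example 1, a subset of Examples 2
# and 3 (the subset keeps every domain that occurs in more than one sample).
DNS_BY_SAMPLE = {
    "Example 1": ["hskvbipksouaqto.biz", "ichglksaagvvdmw.info", "kgfpptnxydunvxo.net",
                  "pbxksllrmivxhjc.org", "weehpyhdmhiyecl.com"],
    "Example 2": ["axuoeavab.org", "byqpxotf.org", "cqjcvbxmiy.ru", "instotsvin.ru",
                  "microsoft.com", "uyhyovgxeut.ru", "zktkzss.com"],
    "Example 3": ["azktsmeifdo.ru", "clyeekrp.ru", "instotsvin.ru", "microsoft.com",
                  "qbmulwhjqzs.com", "yvlbixzupmm.org", "ztwhgwv.com"],
}


def second_level_label(domain: str) -> str:
    """Label left of the TLD; every TLD in the listing is a single label."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def longest_consonant_run(label: str) -> int:
    run = best = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:   # y counts as a consonant here
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def vowel_ratio(label: str) -> float:
    letters = [c for c in label if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0


def looks_generated(domain: str, max_run: int = 4, min_vowel_ratio: float = 0.2) -> bool:
    """Crude DGA filter: unpronounceable consonant clusters or almost no vowels.
    It misses vowel-heavy generated names, so use it to rank, not to decide."""
    label = second_level_label(domain)
    return longest_consonant_run(label) >= max_run or vowel_ratio(label) < min_vowel_ratio


def triage(samples: dict) -> list:
    """One row per distinct domain: how many samples resolved it plus the lexical features,
    recurring domains first."""
    counts = Counter()
    for domains in samples.values():
        counts.update({d.lower() for d in domains})  # count each sample once per domain
    rows = []
    for domain, seen in counts.items():
        label = second_level_label(domain)
        rows.append({"domain": domain, "seen_in": seen, "generated": looks_generated(domain),
                     "consonant_run": longest_consonant_run(label),
                     "vowel_ratio": round(vowel_ratio(label), 2)})
    rows.sort(key=lambda r: (-r["seen_in"], r["domain"]))
    return rows


def recurring_domains(samples: dict) -> dict:
    """Domains resolved by two or more samples: candidates for hard-coded infrastructure
    or connectivity checks rather than per-run DGA output."""
    return {r["domain"]: r["seen_in"] for r in triage(samples) if r["seen_in"] >= 2}


if __name__ == "__main__":
    for r in triage(DNS_BY_SAMPLE):
        flag = "DGA?" if r["generated"] else "    "
        print(f"{r['seen_in']}x {flag} run={r['consonant_run']:2} vowels={r['vowel_ratio']:.2f} {r['domain']}")
```

Two caveats show up immediately in the output. The consonant-run rule flags all five Example 1 names but passes vowel-heavy generated names such as axuoeavab.org, so the lexical score alone is not a blocklist. Recurrence is the stronger signal: microsoft.com recurs because resolving a well-known domain is a common connectivity check and must not be treated as an indicator, while instotsvin.ru, resolved by two droppers with different hashes, is the domain worth investigating first.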
