Troj/Shiz-AJ

Category: Viruses and Spyware  Protection available since: 13 Sep 2013 11:29:59 (GMT)
Type: Trojan  Last updated: 13 Sep 2013 11:29:59 (GMT)
Prevalence:

Examples of Troj/Shiz-AJ include:

Example 1

File Information

Size
344K
SHA-1
0088d17ce5d1a7a07a0a1e2dea41638eea4e4757
MD5
595ca1c1c197bccfa67f19e0579c14c5
CRC-32
9ee34a2f
File type
Windows executable
First seen
2012-07-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\umexmny.exe
    Size
    344K
    SHA-1
    68340f10dc21320b036776593cabef34d6d5a2d1
    MD5
    5ea67f590791f767c0b26fec710bcd41
    CRC-32
    5738f6e0
    File type
    Windows executable
    First seen
    2013-09-13
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\umexmny.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\umexmny.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\umexmny.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\umexmny.exe,
DNS Requests

Example 2

File Information

File type
Windows executable

Example 3

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\mpfchmi.exe
    Size
    344K
    SHA-1
    18da1a5e7245bb6c60863273a1bf7538151bc0a3
    MD5
    17d3bf590a2f87ac95081b6a0dfbd3b5
    CRC-32
    abd66210
    File type
    Windows executable
    First seen
    2013-09-13
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\mpfchmi.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\mpfchmi.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\mpfchmi.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\mpfchmi.exe,
DNS Requests
