Troj/Simda-BE

Category: Viruses and Spyware
Protection available since: 31 Jul 2013 23:57:43 (GMT)
Type: Trojan
Last updated: 31 Jul 2013 23:57:43 (GMT)
Prevalence:

Examples of Troj/Simda-BE include:

Example 1

File Information

Size: 1.1M
SHA-1: 318c2c4ec58289c4011332895869e76d6ae74681
MD5: e0c9bff54a1ae0a1eca30b90402de137
CRC-32: 6d00a05b
File type: Windows executable
First seen: 2013-07-22

Other vendor detection

Avira: TR/Crypt.XPACK.Gen2

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Modem\Enum
    NextInstance
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    8.8.8.8,172.16.0.2
HTTP Requests
  • http://report.oc17u3m7gmyws31skuo.com/
IP Connections
  • 94.23.116.81:80

Example 2

File Information

Size: 1.1M
SHA-1: eaf937945b4636ee6ec2cd42422fd444b36e232d
MD5: 23d00ff53b750f311f6c744c253110c5
CRC-32: 435144ab
File type: Windows executable
First seen: 2013-07-22

Example 3

File Information

Size: 1.1M
SHA-1: f14debc7334d5f2ab68393e972be057b9bd0210c
MD5: c03478a5c516b68472163cf6577cdcd8
CRC-32: 2f7aad5a
File type: Windows executable
First seen: 2013-07-25

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Modem\Enum
    NextInstance
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    8.8.8.8,172.16.0.2
HTTP Requests
  • http://report.555m5g5555e5a5k.com/
IP Connections
  • 94.23.116.81:80
