Troj/VB-HAU

Kategorie: Viren und Spyware Schutz verfügbar seit:21 Jan 2014 13:00:57 (GMT)
Typ: Trojan Zuletzt aktualisiert:21 Jan 2014 13:00:57 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

Troj/VB-HAU exhibits the following characteristics:

File Information

Size
472K
SHA-1
c31bf5c71fd807bf9be52d86fc1471b2aead7c4b
MD5
0631a52692b513de07a9f5a74b9c9b08
CRC-32
309107a5
File type
application/x-ms-dos-executable
First seen
2014-01-21

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\InstallDir\Server.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\VDB0Wd7T\VDB0Wd7T.svr
    Size
    358K
    SHA-1
    fe0ff6201dda12cd972fa5cb0c9d48be30588a1b
    MD5
    51c520724ba3b70c07ece65d29160bee
    CRC-32
    6132a5bd
    File type
    Unspecified binary - probably data
    First seen
    2013-12-25
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\VDB0Wd7T\VDB0Wd7T.dat
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\VDB0Wd7T\VDB0Wd7T.nfo
    Size
    3.6K
    SHA-1
    fdbd4a1ce7893ce24c53809612fcd262fe447cf5
    MD5
    b33ebbc1fd056930261f102f958976d6
    CRC-32
    9e552af7
    File type
    application/octet-stream
    First seen
    2014-01-21
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKCU
    C:\WINDOWS\InstallDir\Server.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM
    C:\WINDOWS\InstallDir\Server.exe
  • HKCU\Software\VDB0Wd7T
    InstalledServer
    C:\WINDOWS\InstallDir\Server.exe
Processes Created
  • c:\windows\installdir\server.exe
  • c:\windows\system32\svchost.exe
DNS Requests
  • jaiper2.no-ip.biz

Download Sophos Produkte kostenlos testen
Jetzt downloaden