Examples of RemoteAdmin include:
Example 1
File Information
- Size: 177K
- SHA-1: 0c05c8917d766652f1cb5da999e413557f280c55
- MD5: f0bd6658f0503cb57e9004f8dfefdeca
- CRC-32: ec0aa7b9
- File type: application/x-ms-dos-executable
- First seen: 2011-01-24
Example 2
File Information
- Size: 661K
- SHA-1: 8705fdbc7cf00324a0c2ed26e7d39527b99b2396
- MD5: d3c074ed6c8012dae9c4a9555147eec6
- CRC-32: e49dca1d
- File type: Windows executable
- First seen: 2011-06-16
Example 3
File Information
- Size: 1.2M
- SHA-1: 89f5b8e8e076a299b5e761be3ae9ca135e0a5896
- MD5: a39b5900f5386de64f97adc341b13da0
- CRC-32: 1d543114
- File type: Windows executable
- First seen: 2011-03-27
Runtime Analysis
Copies Itself To
- C:\WINDOWS\system\file\file.exe
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\programa.exe
  - Size: 48K
  - SHA-1: 843ba5d99045181eb539bc1a23cf211e3c58a592
  - MD5: 21018e06014721c95d52ee0fc0fe1975
  - CRC-32: c468569c
  - File type: Windows executable
  - First seen: 2011-05-28
- C:\WINDOWS\system\smss.exe
- C:\WINDOWS\system\WindowsUpdater.exe
  - Size: 344K
  - SHA-1: a0742abacb55df65ed2d29896929fa07bddb07fc
  - MD5: 13b77fa6e2d2c80f6e0a5d5a64396553
  - CRC-32: 6b71b220
  - File type: Windows executable
  - First seen: 2011-07-10
- C:\WINDOWS\system\Visedll.dll
- c:\Documents and Settings\test user\Local Settings\Temp\~DFC66F.tmp
  - Size: 16K
  - SHA-1: 9e3b198eeda8f37c5fa03bdd4bf5b79b6b7238fc
  - MD5: 0e676d2a95222f8088de329b7e5c6ff6
  - CRC-32: a0cff874
  - File type: Microsoft OLE2 file format
  - First seen: 2011-05-28
- C:\WINDOWS\system\raddrv.dll
- C:\WINDOWS\system\AdmDll.dll
- C:\WINDOWS\system\scrss.exe
  - Size: 278K
  - SHA-1: 43efccc4d5b20d4624dfcdd4989ab9b2c68905fc
  - MD5: fe6c450cb68781eb6fd658acc40cfb1c
  - CRC-32: 294b987f
  - File type: application/x-ms-dos-executable
  - First seen: 2011-07-10
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  - System: scrss.exe
Processes Created
- c:\docume~1\support\locals~1\temp\programa.exe