Win7Elevate

Category: Adware and PUAs
Type: Hacking Tool
Protection available since: 10 Oct 2012 22:29:21 (GMT)
Last Updated: 23 Apr 2013 22:46:14 (GMT)


Win7Elevate is a hacking tool that other programs can embed or invoke to bypass User Account Control (UAC) on Windows 7, obtaining an elevated process without the consent prompt being shown. Sophos classifies it as a potentially unwanted application (hacking tool) rather than as malware in its own right: the tool is a component, not a payload, so a detection on it should prompt a look at the process that dropped or launched it and at what else that file wrote, started or contacted (see the runtime analysis of the examples below).

Examples of Win7Elevate include:

Example 1

File Information

Size
1.4M
SHA-1
11475e7e6b01b7ee90027fd1e53005c4de7becc6
MD5
1d32cf7256b389b152978d8cd8fb84c3
CRC-32
988f4ddc
File type
application/x-ms-dos-executable
First seen
2012-03-09

Runtime Analysis

Dropped Files
  • C:\tmp\xp1.exe
    Size
    574K
    SHA-1
    5280d4dbc8bf00f682c6b809ca8d5608b67dae56
    MD5
    fb9630c0dceb78995c56ee0724518997
    CRC-32
    de7f39b4
    File type
    application/x-ms-dos-executable
    First seen
    2012-03-09
  • C:\tmp.txt
    Size
    130
    SHA-1
    6e255720a28fab19dbb4f06cd7afbfff5e8674bc
    MD5
    9688ebe15caf3900f2e7aaeaafd1372f
    CRC-32
    08b189a1
    File type
    ASCII / UTF-8 text
    First seen
    2011-11-23
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
    DisableFirstRunCustomize
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012030920120310
    CacheOptions
    0x0000000b
  • HKCU\Software\Microsoft\Internet Explorer\Main
    IE8RunOnceCompletionTime
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Window_Placement
    2c 00 00 00 02 00 00 00 03 00 00 00 00 83 ff ff 00 83 ff ff ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 3a 03 00 00 10 02 00 00
Processes Created
  • c:\tmp\xp1.exe
HTTP Requests
  • http://cartoonyou.info/tracking202/redirect/dl.php
DNS Requests
  • cartoonyou.info

Example 2

File Information

Size
1.8M
SHA-1
125710653a9a87f95c1dc2a08dfed2faa1f3ddd9
MD5
53e58dc029d5ab081984fe576f920f66
CRC-32
0b58d44e
File type
Windows executable
First seen
2012-05-05

Runtime Analysis

Dropped Files
  • C:\tmp\mdgo.html
    Size
    255
    SHA-1
    0c2a8512f23746a22754f47b01b6226d334a83e0
    MD5
    f77fba6f4b27ae93a6277eb95387548a
    CRC-32
    e5266000
    File type
    JavaScript
    First seen
    2012-05-06
  • C:\tmp\dlm.exe
    Size
    401K
    SHA-1
    9680a777351d27b322c8e8d5e3dbe810a0aab4b1
    MD5
    f2ad5325eecb437d631e8bee46dfc781
    CRC-32
    f3642fb3
    File type
    Windows executable
    First seen
    2012-05-06
  • C:\tmp\m.exe
    Size
    556K
    SHA-1
    3f61488895e6b45118128df2e91629f1eb6facb6
    MD5
    257cdec304a094a61b48a3d8e6f2ab5a
    CRC-32
    d4fff59d
    File type
    Windows executable
    First seen
    2012-05-06
Processes Created
  • c:\windows\system32\rundll32.exe

Example 3

File Information

Size
391K
SHA-1
2ff6cfa55275ea7e35d72283f23016f70679081a
MD5
d81c8bee79b4c156aced076f0c30e905
CRC-32
f37e8fde
File type
Windows executable
First seen
2013-02-20
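Added example (not Sophos code) of how a responder would turn the indicators listed on this page into a sweep: it hashes every file under a given root and compares the SHA-1 against the values in the file tables above, flags files sitting at the reported drop locations (a weaker signal, since C:\tmp is a common scratch directory), and scans DNS or proxy log lines for cartoonyou.info. The hashes, drop paths and domain are the page's; the evidence tree, file contents and log lines that run_demo() builds are constructed for the example and are not real sample data.

```python
"""IOC sweep built from the Win7Elevate samples above. Added example, not Sophos
code: hashes, drop paths and domain are from this page; the evidence tree and
log lines used by run_demo() are constructed and are not real sample data."""
import hashlib
import os
import re
import shutil
import tempfile

# SHA-1 digests from the File Information / Dropped Files tables. The page's
# MD5 values can be added the same way; CRC-32 is too weak to use as an IOC.
SHA1_IOCS = {
    "11475e7e6b01b7ee90027fd1e53005c4de7becc6": "Win7Elevate example 1",
    "5280d4dbc8bf00f682c6b809ca8d5608b67dae56": "example 1 drops C:\\tmp\\xp1.exe",
    "6e255720a28fab19dbb4f06cd7afbfff5e8674bc": "example 1 drops C:\\tmp.txt",
    "125710653a9a87f95c1dc2a08dfed2faa1f3ddd9": "Win7Elevate example 2",
    "0c2a8512f23746a22754f47b01b6226d334a83e0": "example 2 drops C:\\tmp\\mdgo.html",
    "9680a777351d27b322c8e8d5e3dbe810a0aab4b1": "example 2 drops C:\\tmp\\dlm.exe",
    "3f61488895e6b45118128df2e91629f1eb6facb6": "example 2 drops C:\\tmp\\m.exe",
    "2ff6cfa55275ea7e35d72283f23016f70679081a": "Win7Elevate example 3",
}
# Drop locations from the Runtime Analysis sections as lower-case, forward-slash
# suffixes, so they also match files under a mounted disk image.
DROP_PATH_SUFFIXES = ("/tmp/xp1.exe", "/tmp.txt", "/tmp/mdgo.html",
                      "/tmp/dlm.exe", "/tmp/m.exe")
DOMAIN_IOCS = ("cartoonyou.info",)  # from example 1's DNS/HTTP requests
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")  # hostname-like tokens in a log line


def hash_file(path):
    """Stream the file once and return its md5 and sha1 hex digests."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def is_known_drop_path(path):
    """True if the path ends in one of the drop locations from the analysis."""
    normalised = path.replace("\\", "/").lower()
    return any(normalised.endswith(s) for s in DROP_PATH_SUFFIXES)


def domain_matches(host, domains=DOMAIN_IOCS):
    """Exact or subdomain match; the trailing dot DNS logs add is ignored."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in domains)


def sweep(root, sha1_iocs=SHA1_IOCS):
    """Walk root; report hash matches (strong) and drop-path matches (weak)."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                digests = hash_file(full)
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            if digests["sha1"] in sha1_iocs:
                hits.append({"path": full, "kind": "hash",
                             "label": sha1_iocs[digests["sha1"]], **digests})
            elif is_known_drop_path(full):
                # C:\tmp is a common scratch directory, so this is a lead, not proof.
                hits.append({"path": full, "kind": "path",
                             "label": "drop location only", **digests})
    return hits


def log_hits(lines):
    """Return (line, host) pairs for DNS or proxy log lines naming an IOC domain."""
    return [(line, host) for line in lines
            for host in HOST_RE.findall(line.lower()) if domain_matches(host)]


def run_demo():
    """Run sweep() and log_hits() over a constructed evidence tree and log."""
    root = tempfile.mkdtemp(prefix="win7elevate_demo_")
    try:
        os.makedirs(os.path.join(root, "tmp"))
        # Stand-in for C:\tmp\xp1.exe: the real bytes are not reproducible here,
        # so the placeholder's own SHA-1 is registered as an extra IOC to drive the
        # hash branch; C:\tmp\m.exe gets unrelated content to show the path branch.
        planted = os.path.join(root, "tmp", "xp1.exe")
        with open(planted, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        with open(os.path.join(root, "tmp", "m.exe"), "wb") as fh:
            fh.write(b"not the real sample")
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("benign, must not be reported")
        iocs = dict(SHA1_IOCS)
        iocs[hash_file(planted)["sha1"]] = "constructed stand-in for xp1.exe"
        hits = sweep(root, iocs)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    constructed_log = [
        "2012-03-09 10:01:02 A? cartoonyou.info.",
        "2012-03-09 10:01:03 GET http://cartoonyou.info/tracking202/redirect/dl.php",
        "2012-03-09 10:01:04 A? www.microsoft.com.",
    ]
    return {"hits": hits, "network": log_hits(constructed_log)}
```

Point sweep() at a mounted image or a live drive root and log_hits() at exported DNS or proxy lines. A hash hit confirms one of the listed files is present; a path-only hit on C:\tmp means the file itself still needs to be examined. The registry entries listed for example 1 are ordinary Internet Explorer first-run and history-cache state and are not used as indicators here.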
