HPsus/EncPk-C

Category: Suspicious Behavior and Files Protection available since:09 Nov 2011 23:41:39 (GMT)
Type: Suspicious file Last Updated:09 Nov 2011 23:41:39 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of HPsus/EncPk-C include:

Example 1

File Information

Size
170K
SHA-1
1f1ce9ecd2a54eabea7115cf89d5b6f34d957cd4
MD5
cca22d0f7ac9e8aaa437651e1654c1c4
CRC-32
911166a8
File type
Windows executable
First seen
2011-02-10

Other vendor detection

Kaspersky
Backdoor.Win32.Gbot.ww

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\conhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\337E.A1A
    Size
    1.4K
    SHA-1
    cc53c9dc83ca803166dafe09f0dc7bf5e96468ff
    MD5
    b6d9c8c5568fc7cf53a74aa876d1f388
    CRC-32
    10c5c993
    File type
    application/octet-stream
    First seen
    2011-11-09
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    conhost
    c:\Documents and Settings\test user\Application Data\Microsoft\conhost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyServer
    http=127.0.0.1:64808
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 03 00 00 00 03 00 00 00 14 00 00 00 68 74 74 70 3d 31 32 37 2e 30 2e 30 2e 31 3a 36 34 38 30 38 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 80 88 73 da f3 98 ca 01 01 00 00 00 ac 10 00 06 00 00 00 00 00 00 00 00
  • HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000001
HTTP Requests
  • http://differentdata-one.com/images/im133.jpg
  • http://rossroadbags.com/images/p_thumb/3520.jpg
  • http://zoneak.com/images/im133.jpg
DNS Requests
  • differentdata-one.com
  • rossroadbags.com
  • zoneak.com
  • zonetf.com

Example 2

File Information

Size
378K
SHA-1
67f6c19a05889b4eba0c4b57801be12aebe2d3ab
MD5
a48a4c19cdf2ca74db66a6dd274c77a6
CRC-32
e26bd86e
File type
Windows executable
First seen
2011-04-06

Other vendor detection

Kaspersky
Trojan.Win32.FakeAV.ckcl

Runtime Analysis

Dropped Files
  • C:\sample
    Size
    192
    SHA-1
    fd1b45ab7c8de6663f8d6a71d469b69f50357e00
    MD5
    142f5f8903ab9d60b18919f056bd3545
    CRC-32
    f398c5d2
    File type
    Unspecified binary - probably data
    First seen
    2011-06-06
Processes Created
  • c:\windows\explorer.exe

Example 3

File Information

Size
410K
SHA-1
a0a7f380eefe70429178d2c042e90442cd7366f7
MD5
19ee410e9af77ca80fe0cfefc61e8898
CRC-32
852ddf2a
File type
Windows executable
First seen
2011-02-10

Other vendor detection

Kaspersky
Trojan.Win32.FakeAV.bann

Runtime Analysis

Dropped Files
  • C:\sample
    Size
    98
    SHA-1
    78a2a39af2281a7d654df90953695c7225b920c6
    MD5
    7e0109f1960e4ff0d5682f35505498bc
    CRC-32
    87428ef9
    File type
    Unspecified binary - probably data
    First seen
    2011-05-24
Processes Created
  • c:\windows\explorer.exe

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information