HPsus/EncPk-D

Category: Suspicious Behavior and Files Protection available since:05 Oct 2011 23:04:05 (GMT)
Type: Suspicious file Last Updated:05 Oct 2011 23:04:05 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of HPsus/EncPk-D include:

Example 1

File Information

Size
552K
SHA-1
23aa67c1d2672a6b41158fcec77744e911152d9c
MD5
13702ca8f43b61f4b2b9f70ce24872c3
CRC-32
d2eabc16
File type
application/x-ms-dos-executable
First seen
2011-08-25

Other vendor detection

Kaspersky
Trojan-Dropper.Win32.Injector.cbp

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPostRedirect
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Recovery
    ClearBrowsingHistoryOnExit
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
DNS Requests
  • hydracock.ru

Example 2

File Information

Size
200K
SHA-1
297fa4d8ee0aacecfe1c14723d5508887de55320
MD5
b4bb73db4b4fb2352f916aa00e298713
CRC-32
b820cd60
File type
application/x-ms-dos-executable
First seen
2011-08-26

Other vendor detection

Kaspersky
Trojan.Win32.Jorik.SpyEyes.any

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft Windows
    000000BBCEF0CE72
    3a 68 44 ab b6 b7 b7 b7 b7 b0 b3 b3 b3 b3 b1 b1 b1 b1 bc bc bc bc c8 a7 87 f3 92 f0 9c f9 f9 8b ee 9e af df dd dd d2 cf cf cf cf ad c2 b6 e9 8e fb 92 f6 f6 c3 ed dc f2 c0 f6 c6 f6 d7 87 c4 e5 d3 e3 d2 94 a3 95 ac ea 9b 9f 8e 5e 5a 50 26 43 31 42 2b 44 2a 2a 1b 2b 18 2c 19 78 7b 59 11 1b 1b 0b 67 08 6b 0a 66 39 4d 24 49 2c 2c 1e 2e 1f 2e 00 31 01 2f 1f 27 07 37 07 3d 0c 3b 01 31 07 29 1e 27 14 71 74 31 75 70 1c 18 18 1e 64 0b 65 00 00 28 28 6f 6f 22 22 76 76 56 56 7d 7d 4d 4d 7c 7c 46 46 76 29 29 00 00 20 07 5b 5b 5b 53 00 00 74 74 15 15 7b 7b 1f 1f 7e 7e 0c 0c 68 68 48 48 1c 1c 75 75 18 18 7d 7d 0c 05 15 87 8e ed 86 52 5c 5d 65 57 60 50 c0 cc c8 db db db db b4 c7 98 60 74 8c 95 7d 7b 7b 79 15 74 1a 7d 08 69 0e 6b 34 5d 39 39 0b 3b 0e 39 39 39 39 39 28 28 28
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Recovery
    ClearBrowsingHistoryOnExit
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnIntranet
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownServiceDownBalloon
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
IP Connections
  • 96.8.117.237:443
DNS Requests
  • weraty.biz

Example 3

File Information

Size
244K
SHA-1
78a01f3ae1d6c9c57da1b2ca12e237a2c2fbb505
MD5
4505fe6e817927d67aa12eef99c0577f
CRC-32
4c8ecd73
File type
application/x-ms-dos-executable
First seen
2011-09-20

Other vendor detection

Kaspersky
Trojan.Win32.Buzus.imoa

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnIntranet
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownServiceDownBalloon
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Recovery
    ClearBrowsingHistoryOnExit
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
IP Connections
  • 141.105.66.211:8080
DNS Requests
  • www.randomcrappy.com

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information