What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

HPsus/OSMod-A

Category:	Suspicious Behavior and Files
Type:	Suspicious behavior

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Files detected as HPsus/OSMod-A exhibit suspicious behavior.

Detailed analysis

Example behaviors of HPsus/OSMod-A follow:

Example 1

Runtime Analysis

Dropped Files

C:\Documents and Settings\support\support.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
support
C:\Documents and Settings\support\support.exe

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

DNS Requests

ns1.theimageparlour.net

Example 2

Runtime Analysis

Dropped Files

C:\Documents and Settings\support\support.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
support
43 3a 5c 44 6f 63 75 6d 65 6e 74 73 20 61 6e 64 20 53 65 74 74 69 6e 67 73 5c 73 75 70 70 6f 72 74 5c 73 75 70 70 6f 72 74 2e 65 78 65 00 3b 0d 6e 08 00 00 4f 00 00 00 0c 00 54 00 00 00 00 00 00 00 00 00 b8 26 40 00 80 95 40 00 59 54 46 53 55 43 4f 58 00 00 00 00 02 00 00 00 5c 00 00 00 04 00 00 00

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

DNS Requests

ns1.theimageparlour.net

Example 3

Runtime Analysis

Dropped Files

C:\Documents and Settings\support\support.exe
C:\Documents and Settings\support\OCOURBYKV.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
support
C:\Documents and Settings\support\support.exe

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

Processes Created

c:\windows\system32\ntvdm.exe

HTTP Requests

http://imagehut2.cn/data/data.dat

DNS Requests

imagehut2.cn

Try Sophos products for free
Download now