Examples of HPsus/TDLrtk-D include:
Example 1
File Information
- Size: 122K
- SHA-1: 1e162499f6b6237720bd26d881a741cdc879ed17
- MD5: fc9d763e7f0651781a55f5cf3c507312
- CRC-32: 55141352
- File type: application/x-ms-dos-executable
- First seen: 2011-11-15
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\4.tmp
Dropped Files
- C:\WINDOWS\Temp\5.tmp
- c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
  - Size: 122K
  - SHA-1: 648485f6777aba42b8c8df2f6b80d35889c5cfdc
  - MD5: 5624f2dd37347056c5e3d459cec17a7d
  - CRC-32: dc47195c
  - File type: application/x-ms-dos-executable
  - First seen: 2011-11-15
Registry Keys Created
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - GlobalUserOffline = 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnonBadCertRecving = 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500 = 0x00000003
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\International
  - AcceptLanguage = en-GB
- HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
  - DefaultSpoolDirectory = C:\WINDOWS\System32\spool\PRINTERS
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
  - SecuritySafe = 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International
  - AcceptLanguage = en-GB
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
  - SecuritySafe = 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500 = 0x00000003
Registry Keys Modified
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A04 = 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A10 = 0x00000000
Processes Created
- c:\windows\system32\spoolsv.exe
HTTP Requests
- http://hellokitty2.com/MoSBroC0ub3h1pdEbTBcVq/M6mT6qliqksH8fg==
DNS Requests
Example 2
File Information
- Size: 120K
- SHA-1: e31926d76fcf1bc62480c187c5abd32f03be157a
- MD5: 12b30790ca65c3e78f1fbfadd9bf471f
- CRC-32: 9a2c5948
- File type: application/x-ms-dos-executable
- First seen: 2011-11-16
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\4.tmp
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
  - Size: 120K
  - SHA-1: 7974e74ede401e36d7c933847fe07a91dd2cceae
  - MD5: 8fbd2827e9ad1db0993813097a2d1b82
  - CRC-32: 6a674f4e
  - File type: application/x-ms-dos-executable
  - First seen: 2011-11-16
- C:\WINDOWS\Temp\5.tmp
Registry Keys Created
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
  - SecuritySafe = 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International
  - AcceptLanguage = en-GB
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
  - SecuritySafe = 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
  - DefaultSpoolDirectory = C:\WINDOWS\System32\spool\PRINTERS
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\International
  - AcceptLanguage = en-GB
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500 = 0x00000003
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnonBadCertRecving = 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500 = 0x00000003
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - GlobalUserOffline = 0x00000000
Registry Keys Modified
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A04 = 0x00000000
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1A10 = 0x00000000
Processes Created
- c:\windows\system32\spoolsv.exe
DNS Requests