Sus/Behav-1003

Category: Suspicious Behavior and Files
Protection available since: 28 Mar 2007 00:00:00 (GMT)
Type: Suspicious file
Last Updated: 08 Jul 2011 17:36:49 (GMT)

Summary

Files detected as Sus/Behav-1003 exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Behav-1003 follow:

Example 1

File Information

Size: 141K
SHA-1: d5fac75dcf07d0aee9dfecaf7020f9c60c429447
MD5: 849e2706241a44b95bcdae81f2b5d425
CRC-32: b46d6151
File type: application/x-ms-dos-executable
First seen: 2010-07-23

Example 2

Other vendor detection

Avira: TR/Drop.Agent.AN

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\ntcsvr.exe
Dropped Files
  • C:\Documents and Settings\support\Local Settings\Temp\nthivtmp_2
    Size: 28K
    SHA-1: 278e866d6a408238bfdd37f08440db551fbab70a
    MD5: 4324d99afb758f62d286656fe5b86f05
    CRC-32: c49ba237
    File type: application/octet-stream
    First seen: 2010-09-04
  • C:\Documents and Settings\support\Local Settings\Temp\nthivtmp_2.LOG
    Size: 1.0K
    SHA-1: d9fc7b9892464bf347b00f87f23906c9deb07fa5
    MD5: 5d4380a4f281d915538ff101d38332f4
    CRC-32: be14a045
    File type: application/octet-stream
    First seen: 2010-09-04
Processes Created
  • c:\windows\system32\cmd.exe

Example 3

File Information

Size: 293K
SHA-1: 00326211b446c5c93692eef2c853ecfeef9bb2a4
MD5: df4c4538323be1dcce6434b968537529
CRC-32: bded5d76
File type: application/x-ms-dos-executable
First seen: 2010-07-02
