Sus/Dbot-B

Category: Suspicious Behavior and Files
Type: Suspicious file
Protection available since: 21 Sep 2010 11:19:50 (GMT)
Last Updated: 08 Jul 2011 17:49:42 (GMT)


Summary

Files detected as Sus/Dbot-B exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Dbot-B follow:

Example 1

Runtime Analysis

Dropped Files
  • C:\emycyup.sys
    Size: 425
    SHA-1: 4d3a87cb39e0b1eaa176ca72c16b9597494f6a3c
    MD5: 2b145478f3c5fa7fd064c95ae2e87704
    CRC-32: 4155902a
    File type: application/octet-stream
    First seen: 2010-09-21
  • C:\WINDOWS\uninstallall.sys
    Size: 150
    SHA-1: 5beaa3b9b47fbd1dd862c09f74d79ddabd7d1fa9
    MD5: ce88a179ed5587e00245a5b9735860e7
    CRC-32: 768e65e7
    File type: application/octet-stream
    First seen: 2010-09-21
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090620100913
    CacheLimit = 0x00002000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    emycyboa = c:\emycyup.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010092120100922
    CacheLimit = 0x00002000
Processes Created
  • c:\emycyup.exe
  • c:\program files\internet explorer\iexplore.exe
HTTP Requests
  • http://www.emycy.com/check_image.php
  • http://www.emycy.com/download/emycyup.sys
  • http://www.emycy.com/download/up_cnt.htm
  • http://www.emycy.com/js/general.js
  • http://www.searchnut.com/
  • http://www.searchnut.com/images/3_letters/3_letters_385x261.jpg
  • http://www.searchnut.com/images/parked_layouts/bl.gif
  • http://www.searchnut.com/images/parked_layouts/br.gif
  • http://www.searchnut.com/images/parked_layouts/s.gif
  • http://www.searchnut.com/images/parked_layouts/tl.gif
  • http://www.searchnut.com/images/parked_layouts/tr.gif
  • http://www.searchnut.com/style/style1_20.css
DNS Requests
  • www.emycy.com
  • www.searchnut.com

Example 2

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\support\Local Settings\Temp\3800HKP.tmp
    Size: 1.7K
    SHA-1: 20f2488b6119ca241017749a95f5ac9d9ceaf612
    MD5: d5a8f5808df6f4e7a5e76ee95cbaef1e
    CRC-32: c2d705f7
    File type: application/octet-stream
    First seen: 2010-09-21

Example 3

Runtime Analysis

Dropped Files
  • C:\newwmjm.txt
HTTP Requests
  • http://jm.wmzhe.com/newversion/newwmjm.txt
DNS Requests
  • jm.wmzhe.com
