Sus/EncPk-ID

Category: Suspicious Behavior and Files
Protection available since: 08 Jan 2010 21:39:57 (GMT)
Type: Suspicious file
Last Updated: 15 Feb 2011 18:50:36 (GMT)


Examples of Sus/EncPk-ID include:

Example 1

File Information

Size: 204K
SHA-1: 0519a9f9b906bac6882a2e7c6da16e812ac3688e
MD5: b898b7673e29d15cfdd0e3d2fe08fa94
CRC-32: c0ef7b32
File type: application/x-ms-dos-executable
First seen: 2011-04-01

Example 2

File Information

Size: 204K
SHA-1: 080cb5ac7f22a198bd37126b14c0beaf3c943778
MD5: 4d3e92b8848861bf84cb187a9487fd6f
CRC-32: a628dbeb
File type: application/x-ms-dos-executable
First seen: 2011-04-02

Example 3

File Information

Size: 20K
SHA-1: 13dbf1511b441282280aa11e26abf9f51923102a
MD5: d9ef227881543ab22e4178787a3b3ab4
CRC-32: b468ccc9
File type: application/x-ms-dos-executable
First seen: 2010-12-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\svchost.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\reg.vbs
    Size: 292
    SHA-1: efada0935df417cf3483f973b18e866507abaa81
    MD5: d83f4c8c0339ffda1d2d75be65546161
    CRC-32: c12eaa3d
    File type: application/octet-stream
    First seen: 2010-12-19
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Shell: C:\DOCUME~1\support\LOCALS~1\Temp\svchost.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\svchost.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
