Sus/EncPk-LT

Category: Suspicious Behavior and Files Protection available since:02 Dec 2009 16:15:38 (GMT)
Type: Suspicious file Last Updated:08 Jul 2011 17:49:42 (GMT)

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Files detected as Sus/EncPk-LT exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/EncPk-LT follow:

Example 1

Other vendor detection

Avira
TR/Vilsel.iot
Kaspersky
Trojan-Downloader.Win32.FraudLoad.wuis

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\seres.exe
  • C:\Documents and Settings\support\Application Data\svcst.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    SaveZoneInformation
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    mserv
    C:\Documents and Settings\support\Application Data\seres.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\support\application data\seres.exe
  • c:\documents and settings\support\application data\svcst.exe
HTTP Requests
  • http://lersolamga5derg.com/fx1Id0MZ5EmE8Co0WBl4SP7p/6IJ
  • http://rtugamer5tbobes.com/Rn1xQv0Tqm5h8sCB0SRV4ss7y6qB
  • http://utorgtan9edoskaw.com/A1PWV0KW5biy8umM0WCA4gj7eW6U
DNS Requests
  • lersolamga5derg.com
  • orav4abdustorabe.com
  • rtugamer5tbobes.com
  • utorgtan9edoskaw.com

Example 2

Other vendor detection

Avira
TR/Agent.AH.489
Kaspersky
Packed.Win32.Krap.ah

Example 3

Other vendor detection

Avira
TR/Crypt.ZPACK.Gen
Kaspersky
Packed.Win32.Krap.ah

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\seres.exe
  • C:\Documents and Settings\support\Application Data\svcst.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    mserv
    C:\Documents and Settings\support\Application Data\seres.exe
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    SaveZoneInformation
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
Processes Created
  • c:\documents and settings\support\application data\seres.exe
  • c:\documents and settings\support\application data\svcst.exe
HTTP Requests
  • http://nebrarfsofertu.com/D1n/0Rv5Ly8JXe0G4Ex7OqU5rd
  • http://obu7leskinrodab.com/vw1App0g5GFt8Ib0kgl4Clb7AIO5i
  • http://orav4abdustorabe.com/XEw1CIn0CHr5dOB8I0l4zR7kdJ5a
DNS Requests
  • ertanue5skayert.com
  • nebrarfsofertu.com
  • obu7leskinrodab.com
  • orav4abdustorabe.com

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information