Sus/MoleUltr-A

Category:	Suspicious Behavior and Files	Protection available since:	08 Jun 2010 12:37:32 (GMT)
Type:	Suspicious file	Last Updated:	08 Jul 2011 17:49:42 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Files detected as Sus/MoleUltr-A exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/MoleUltr-A follow:

Example 1

File Information

Size: 660K
SHA-1: 971e188891d51a72a57a91656094b9ce6bc65300
MD5: 9e7b589142da30437189ea9ee2677ae9
CRC-32: fe419efe
File type: application/x-ms-dos-executable
First seen: 2010-06-21

Other vendor detection

Avira: TR/VB.Inject.675616.BP
Kaspersky: Trojan.Win32.VBKrypt.ckw

Runtime Analysis

Registry Keys Created

HKLM\SYSTEM\CurrentControlSet\Services\SampleVB6Service\Enum
NextInstance
0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\SampleVB6Service
ImagePath
c:\\sample.exe

Example 2

File Information

Size: 159K
SHA-1: 2c53dc646dab2e80e372930cf7769ab94d704c35
MD5: 8da740610c0af88f182cb1649c012202
CRC-32: 3d23e742
File type: application/x-ms-dos-executable
First seen: 2010-06-26

Runtime Analysis

DNS Requests

bad-hackers.no-ip.biz

Example 3

File Information

Size: 501K
SHA-1: 6cc374be3e8b5caae7cb70c141dbb79c1c92ea94
MD5: 14558e1d78ba9e3cbb4cf413e478cff5
CRC-32: 8fc7427b
File type: application/x-ms-dos-executable
First seen: 2010-06-21

Runtime Analysis

Copies Itself To

C:\WINDOWS\system32\justic\dll

Dropped Files

C:\Documents and Settings\support\Local Settings\Temp\XxX.xXx
Size
8
SHA-1
4b7ea89847a8bf34cd84ece468a93e6cc613a20d
MD5
4ac108f7707cc0400ad3c07085159f71
CRC-32
eb046083
File type
application/octet-stream
First seen
2010-08-05
C:\Documents and Settings\support\Application Data\logs.dat

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
police
C:\WINDOWS\system32\justic\dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hkey
C:\WINDOWS\system32\justic\dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7QR7VPR0-0ON3-4L35-73A5-L427Y1GY72AG}
StubPath
C:\WINDOWS\system32\justic\dll Restart
HKCU\Software\victima
NewIdentification
victima
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
hkey
C:\WINDOWS\system32\justic\dll

Processes Created

c:\program files\internet explorer\iexplore.exe

HTTP Requests

http://-32|

DNS Requests

toma2.no-ip.info

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Sus/MoleUltr-A

Summary

Detailed analysis

Example 1

File Information

Other vendor detection

Runtime Analysis

Registry Keys Created

Example 2

File Information

Runtime Analysis

DNS Requests

Example 3

File Information

Runtime Analysis

Copies Itself To

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

DNS Requests

Free Mac Anti-Virus

Popular topics