Examples of Sus/VB-BG include:
Example 1
File Information
- Size: 137K
- SHA-1: 40cd8a595c58bc4244dc36f312d3e8790c4b0634
- MD5: 4d3fff39bfc3f178feb86f64caaf5f86
- CRC-32: 70d7c9fb
- File type: application/x-ms-dos-executable
- First seen: 2010-10-23
Runtime Analysis
Copies Itself To
- C:\Program Files\Bifrost\dfdf.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\addons.dat
  - Size: 25K
  - SHA-1: 4a613db0b40a6c7c9b457d234d6b28f56f457573
  - MD5: 14eae20596200d0e8738674580f75d50
  - CRC-32: 3f95978e
  - File type: application/octet-stream
  - First seen: 2011-01-31
Registry Keys Created
- HKCU\Software\Bifrost
- plg1
- HKLM\SOFTWARE\Bifrost
- nck
- ed 1b e6 27 b9 28 d6 32 74 c3 cd 74 fa 93 5b 67
DNS Requests
Example 2
File Information
- Size: 112K
- SHA-1: 6bd463cdc9112d0c0385b7a7cb4f9fca80d4d316
- MD5: 2d9b3bea9eab723a5e0c0dd55d74a30b
- CRC-32: c95bcac5
- File type: application/x-ms-dos-executable
- First seen: 2011-01-04
Example 3
File Information
- Size: 28K
- SHA-1: 76b788b9798ce22c524511099ead3245ef15d4e2
- MD5: 1e2270625673166a2a4f8e6be2904fea
- CRC-32: 426b941d
- File type: application/x-ms-dos-executable
- First seen: 2010-10-04