CXweb/BadDlod-K

Category: Viruses and Spyware
Protection available since: 12 Feb 2013 23:33:52 (GMT)
Type: Malicious behavior
Last Updated: 12 Feb 2013 23:33:52 (GMT)
Prevalence: Small Number of Reports

Examples of CXweb/BadDlod-K include:

Example 1

File Information

Size: 759K
SHA-1: 0adb5cdec6e9d38fffe925f31e6d7edc6c241bff
MD5: dcd3614b9dbd763b0ef5b58eb5fe79d4
CRC-32: c94b812b
File type: Windows executable
First seen: 2007-07-26

Example 2

File Information

Size: 705K
SHA-1: 39a9f20e7558d7f485ad24276f4dc1345f71b623
MD5: 229f0d47dde9fd47b2c85abc479a93ab
CRC-32: 0b11ef3f
File type: Windows executable
First seen: 2012-12-16

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Update\Windows Update.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\cc.vbs
    Size: 394
    SHA-1: da4aa508ae1d9f2a4bf9534c017c3969dcb097c3
    MD5: 71d4e1399250eb6bc4538f68e41b70df
    CRC-32: 01cafa04
    File type: Visual Basic Script
    First seen: 2012-12-05
  • c:\Documents and Settings\test user\Local Settings\Temp\svchost.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update
    "c:\Documents and Settings\test user\Application Data\Update\Windows Update.exe"
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\svchost.exe
  • c:\windows\system32\wscript.exe
DNS Requests
  • aqo.no-ip.info
