Mal/Ambler-B

Category: Viruses and Spyware
Type: Malicious behavior
Protection available since: 21 Sep 2011 14:17:39 (GMT)
Last Updated: 21 Sep 2011 14:17:39 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/Ambler-B include:

Example 1

File Information

Size
45K
SHA-1
24564c5fe29dc15e9fd0b84d30947f7ab3f30d6c
MD5
a0f9b9ea927471d9d2412fdc889b0e5c
CRC-32
5ad91177
File type
application/x-ms-dos-executable
First seen
2010-09-09

Other vendor detection

Kaspersky
Trojan.Win32.Agent2.cvsi

Example 2

File Information

Size
155K
SHA-1
81cc0832b8b9456d90363e32b4de566f9217a27f
MD5
84a3de1f9f30a4379bacba920bb2cd46
CRC-32
d1c6fac7
File type
Windows executable
First seen
2010-09-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\tbojih
    Size
    99K
    SHA-1
    5a4eeb9b9ff90bcb6ff7db2e721e209fa00d826f
    MD5
    69c1ae6e560a19709cb9acdbd3b07076
    CRC-32
    9bfa6ae8
    File type
    application/octet-stream
    First seen
    2010-09-07
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\fiwqnxvd22_shrd
    Size
    4.4K
    SHA-1
    67af03c2b42eb356d4b80a893f1734ef48f9f206
    MD5
    df3db9812fc07e535c9790490e5fabbf
    CRC-32
    a10aae10
    File type
    application/octet-stream
    First seen
    2010-09-07
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\qnf.txt
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\fiwqnxvd22.dll
    Size
    47K
    SHA-1
    c741f155340c47061b1c07e6ea53b453a664240c
    MD5
    9f55b31ad3e5b5c95fad1f7cf0930953
    CRC-32
    aa17596f
    File type
    Windows executable
    First seen
    2010-09-07
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Essentials\0
    ubxc
    07092010_204445_136843
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{EB6E5FDE-6F99-4375-809C-814825E5A76D}
    Locale
    EN
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownVerifyBalloon
    0x00000003
  • HKCU\Software\Microsoft\Essentials
    pr
    63 62 61 3a 71 64 77 7d 73 77 7e 38 7a 70 62
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Security
    DisableSecuritySettingsCheck
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1405
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe

Example 3

File Information

Size
155K
SHA-1
848795af86798ff9589c7a2ab4341085daf4be19
MD5
5e94f489abc97a1d2b3c226e8c873fee
CRC-32
4ad120cf
File type
Windows executable
First seen
2010-09-09

Other vendor detection

Kaspersky
Trojan-PSW.Win32.Agent.tye

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\fiwqnxvd22.dll
    Size
    47K
    SHA-1
    c741f155340c47061b1c07e6ea53b453a664240c
    MD5
    9f55b31ad3e5b5c95fad1f7cf0930953
    CRC-32
    aa17596f
    File type
    Windows executable
    First seen
    2010-09-07
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\qnf.txt
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\tbojih
    Size
    99K
    SHA-1
    1b3b92200f35fa53f1314f124a375c3123c8078d
    MD5
    465825e832409ceadac33ddfe466c222
    CRC-32
    f1912ee1
    File type
    application/octet-stream
    First seen
    2010-09-09
  • c:\Documents and Settings\test user\Application Data\Bitrix Security\fiwqnxvd22_shrd
    Size
    4.4K
    SHA-1
    5d1bb870e1d5b2633daf6147e8d0628d720cbb9a
    MD5
    401192dada7f61ffca9b55cdd40a597b
    CRC-32
    1bc4c764
    File type
    application/octet-stream
    First seen
    2010-09-09
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownVerifyBalloon
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Essentials
    pr
    63 62 61 3a 71 64 77 7d 73 77 7e 38 7a 70 62
  • HKCU\Software\Microsoft\Essentials\0
    ubxc
    09092010_120827_180515
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\Security
    DisableSecuritySettingsCheck
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{EB6E5FDE-6F99-4375-809C-814825E5A76D}
    Locale
    EN
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1405
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe
