Mal/Behav-004

Category:	Viruses and Spyware	Protection available since:	06 Sep 2006 00:00:00 (GMT)
Type:	Malicious behavior	Last Updated:	11 Mar 2010 16:18:54 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/Behav-004 include:

Example 1

File Information

Size: 28K
SHA-1: 13b3f027ce5d5c9652087542e1574119adc7593d
MD5: e55fc4fd16d3254f9360c804b502784b
CRC-32: 82376631
File type: application/x-ms-dos-executable
First seen: 2010-09-17

Other vendor detection

Avira: TR/Spy.Gen

Example 2

File Information

Size: 32K
SHA-1: 15e73caa24afbc1cd929befd0ac6360b1048a685
MD5: a965a091a43477a2f7e72946ece7d67f
CRC-32: 3f284412
File type: application/x-ms-dos-executable
First seen: 2011-03-24

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\2.tmp

Example 3

File Information

Size: 233K
SHA-1: 1a32f75f1a745e38ba207d597078083296b4c0c6
MD5: 229526d4ac8074fa57e89d9616552c7f
CRC-32: 2611f632
File type: application/x-ms-dos-executable
First seen: 2011-03-08

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\Windupdt\winupdate.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
winupdater
C:\DOCUME~1\support\LOCALS~1\Temp\Windupdt\winupdate.exe

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\support\LOCALS~1\Temp\Windupdt\winupdate.exe

Processes Created

c:\windows\explorer.exe

Try Sophos products for free
Download now