Mal/Behav-233

Category:	Viruses and Spyware	Protection available since:	13 May 2008 08:11:34 (GMT)
Type:	Malicious behavior	Last Updated:	13 May 2008 08:11:34 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/Behav-233 include:

Example 1

File Information

Size: 348K
SHA-1: adc44e7382db5abfb77a47fde34e2a1a0836f260
MD5: e801549f406c9667ed5e05b1139e4114
CRC-32: c3a72028
File type: application/x-ms-dos-executable
First seen: 2010-09-17

Other vendor detection

Kaspersky: Net-Worm.Win32.Kolab.lkd
Trend: WORM_RBOT.GEN

Runtime Analysis

Copies Itself To

C:\WINDOWS\system32\yvc.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Update Machine
yvc.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Update Machine
yvc.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Update Machine
yvc.exe

Processes Created

c:\windows\system32\yvc.exe

IP Connections

192.168.1.7:6667

Example 2

File Information

Size: 311K
SHA-1: 0056ebc7331f378109488719faa4e951598aab8f
MD5: 0dc88b8c55016b186f42a7dcaef9bf02
CRC-32: da8dc5aa
File type: application/x-ms-dos-executable
First seen: 2010-10-07

Example 3

File Information

Size: 3.4M
SHA-1: 0279137708d7fe054662e543a5d10396a7825107
MD5: 60ff496dc1f60828f877a988790f0b3c
CRC-32: aaa01baf
File type: application/x-ms-dos-executable
First seen: 2010-08-04

Try Sophos products for free
Download now