Examples of Mal/Bifrose-R include:
Example 1
File Information
- Size: 102K
- SHA-1: 1e286ee78451a544e9e5fef07774c1df8bfb1c82
- MD5: 7421d3915174a16bf58cec15b3e9efd1
- CRC-32: 45441034
- File type: application/x-ms-dos-executable
- First seen: 2011-02-08
Other vendor detection
- Avira: TR/Crypt.CFI.Gen
- Kaspersky: Trojan.Win32.Midgare.awip
Runtime Analysis
Copies Itself To
- C:\WINDOWS\Bifrost\server.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\addons.dat
  - Size: 22K
  - SHA-1: 48a0360a4b21b9ac67ff8ffc00eee0091006e358
  - MD5: 8b076206fbffb056f2d26507afcc2e44
  - CRC-32: 0b260240
  - File type: application/octet-stream
  - First seen: 2011-03-06
Registry Keys Created
- HKLM\SOFTWARE\Bifrost
  - nck: ed 1b e6 27 b9 28 d6 32 74 c3 cd 74 fa 93 5b 67
- HKCU\Software\Bifrost
  - plg1
DNS Requests
Example 2
File Information
- Size: 29K
- SHA-1: 000159f9fa6a857287cddf6faf260553e2aa840b
- MD5: 81f9d73864e240276966f4b6150628e7
- CRC-32: 279fda7e
- File type: application/x-ms-dos-executable
- First seen: 2011-03-23
Example 3
File Information
- Size: 40K
- SHA-1: 000e20eecd373bbdff07381bb7fee636730c2f3e
- MD5: f1c5fd45607dfc95cb8292cfb695b159
- CRC-32: dc85a875
- File type: application/x-ms-dos-executable
- First seen: 2011-02-19