Mal/Boom105-A

Category: Viruses and Spyware
Protection available since: 04 Mar 2013 14:30:42 (GMT)
Type: Malicious behavior
Last Updated: 04 Mar 2013 14:30:42 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Boom105-A include:

Example 1

File Information

Size: 28K
SHA-1: bf4e9a7422a8d1a3eda3cf30bdcd34f48c852387
MD5: 8293525590f5ee4a69da5a2d8131f3b9
CRC-32: 3e72bc0b
File type: Windows executable
First seen: 2011-10-05

Other vendor detection

Avira: BDS/Backdoor.Gen

Example 2

File Information

Size: 28K
SHA-1: bfbaf84c76e8104455b2a19cc9aba40472443560
MD5: d4e7a33cbede1d48916893f638cea3ac
CRC-32: 49670437
File type: Windows executable
First seen: 2011-11-30

Other vendor detection

Avira: BDS/Backdoor.Gen

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Update
    C:/Windows/System32\update.exe
DNS Requests
  • lmfao.azok.org

Example 3

File Information

Size: 27K
SHA-1: bfd4ab83ede45ac87165e40bab491c1a3a66321b
MD5: fe6bfd407bc4ed757127e61207ac6bd6
CRC-32: 36a0d3cd
File type: Windows executable
First seen: 2012-01-15

Other vendor detection

Avira: BDS/Backdoor.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\App\winlogon.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\App\Set.bin
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Defender
    c:\Documents and Settings\test user\Application Data\App\winlogon.exe
Processes Created
  • c:\Documents and Settings\test user\application data\app\winlogon.exe
HTTP Requests
  • http://error404.000webhost.com/
  • http://yourmyslave.comuf.com/Webpanel/ip.php
DNS Requests
  • error404.000webhost.com
  • yourmyslave.comuf.com
