Mal/CoiDung-A

Category: Viruses and Spyware Protection available since:08 Dec 2010 02:26:25 (GMT)
Type: Malicious behavior Last Updated:17 Jun 2011 00:28:57 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/CoiDung-A include:

Example 1

File Information

Size
140K
SHA-1
1592eb71377c9a06e374759cc9dee87c09af2ccb
MD5
7a4165223e1317617c3d0db1550965b1
CRC-32
adb4331d
File type
application/x-ms-dos-executable
First seen
2010-08-19

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Help\Other.exe
  • C:\WINDOWS\SVIQ.EXE
  • C:\WINDOWS\dc.exe
  • C:\WINDOWS\inf\Other.exe
  • C:\WINDOWS\system32\WinSit.exe
  • C:\WINDOWS\system32\config\Win.exe
  • C:\WINDOWS\system\Fun.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF93A8.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFBBA9.tmp
  • C:\WINDOWS\wininit.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFA07E.tmp
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\system32\config\Win.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    dc
    C:\WINDOWS\dc.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load
    C:\WINDOWS\inf\Other.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe C:\WINDOWS\system32\WinSit.exe
Processes Created
  • c:\windows\dc.exe
  • c:\windows\sviq.exe
  • c:\windows\system\fun.exe

Example 2

File Information

Size
189K
SHA-1
1fc5f764bd5dd54adb161c888e1d690e3873b799
MD5
37c6abc90733a311971eef55f1869f01
CRC-32
82af328a
File type
application/x-ms-dos-executable
First seen
2010-10-18

Example 3

File Information

Size
132K
SHA-1
22725fab58dde56d196dcd969890031a9ec1ba30
MD5
40ce391bdfb0b8c1bcbecc678f36d2c5
CRC-32
5690ea24
File type
application/x-ms-dos-executable
First seen
2010-09-06

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Help\Other.exe
  • C:\WINDOWS\SVIQ.EXE
  • C:\WINDOWS\dc.exe
  • C:\WINDOWS\system32\WinSit.exe
  • C:\WINDOWS\system32\config\Win.exe
  • C:\WINDOWS\system\Fun.exe
Dropped Files
  • C:\WINDOWS\wininit.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF7722.tmp
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\system32\config\Win.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    dc
    C:\WINDOWS\dc.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe C:\WINDOWS\system32\WinSit.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy