Mal/EncPK-LL

Category: Viruses and Spyware
Protection available since: 02 Nov 2009 06:17:49 (GMT)
Type: Malicious behavior
Last Updated: 17 Feb 2012 08:14:03 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/EncPK-LL include:

Example 1

File Information

Size: 216K
SHA-1: 2e387e373d0db2e69a92ca28e8a57e3a640f9262
MD5: c6f9a6d18d73154ba1a13cbfef587dde
CRC-32: 0b30ea10
File type: application/x-ms-dos-executable
First seen: 2010-09-30

Runtime Analysis

Dropped Files
  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\□□□.vbe
  • C:\Program Files\Common Files\Microsoft Shared\MSInfo\Server.exe
Processes Created
  • c:\windows\system32\wscript.exe

Example 2

File Information

Size: 182K
SHA-1: 3aabbe4008d4f7e00045bc0a68bd79b24df86a33
MD5: 1dbb511e1f7ba247cd340fc37c104b47
CRC-32: 335a2168
File type: application/x-ms-dos-executable
First seen: 2011-02-02

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\mrdys.exe
Dropped Files
  • C:\WINDOWS\system32\ndey.dll
    Size: 368K
    SHA-1: a2efb668799b93bc3e79ef88cdb00e55c4fe7114
    MD5: 53ddc738bb1904a1bd79e8632860d990
    CRC-32: 303cb952
    File type: application/x-ms-dos-executable
    First seen: 2011-02-02
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load
    C:\WINDOWS\mrdys.exe

Example 3

File Information

Size: 731K
SHA-1: 40cbce526abb7479627c5e57b3ac9228e04c44a5
MD5: 1b657f032c6087646c6bdaac20f69082
CRC-32: 40c403a6
File type: application/x-ms-dos-executable
First seen: 2010-08-18

Runtime Analysis

Dropped Files
  • C:\Program Files\sjdk.exe
  • c:\Documents and Settings\test user\Recent\Program Files.lnk
  • c:\Documents and Settings\test user\Recent\3265109729844047003.jpg.lnk
  • C:\Program Files\3265109729844047003.jpg
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    4
    P□□ □□□□□p□□ □□□□□□□□□□□`□□□□□□□□P□□0□□□□□□□□ □□□□□□□□□□□□□□□□□□r□□g□ a□□ □`i□□e□0.□□n□□□□□□□0□□@□□□□□□□□□□□□□□□□□@□□□□□□□□ □□□□□p□□ □□□□□□□□□□□`□□□□□□□□P□□0□□□□□□□□□□□□□□□□□□□□□□□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010091520100916
    CachePrefix
    :2010091520100916:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    1
    P□□ □□□□□p□□ □□□□□□□□□□□`□□□□□□□□P□□0□□□□□□□□ □□□□□□□□□□□□□□□□□□r□□g□ a□□ □`i□□e□0.□□n□□□□□□□0□□@□□□□□□□□□□□□□□□□□@□□□□□□□□ □□□□□p□□ □□□□□□□□□□□`□□□□□□□□P□□0□□□□□□□□□□□□□□□□□□□□□□□
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090620100913
    CachePrefix
    :2010090620100913:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
    MRUListEx
    □□□□□□□□□□□□
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\windows\system32\rundll32.exe
