Mal/EncPk-ABL

Category: Viruses and Spyware
Protection available since: 09 Nov 2011 23:35:52 (GMT)
Type: Malicious behavior
Last Updated: 10 Jan 2013 06:36:04 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/EncPk-ABL include:

Example 1

File Information

Size: 148K
SHA-1: 00045d2495aaa848103208cbe83948015f71e54d
MD5: aa69604e36dbef371404b631e426d6d6
CRC-32: 5c919f9e
File type: application/x-ms-dos-executable
First seen: 2011-07-15

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKEY_USERS\.DEFAULT\Software\Microsoft Windows
    000000A851EEF32B
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnIntranet
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    EnabledV8
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
Processes Created
  • c:\newdnswatch\newdnswatch.exe
IP Connections
  • 195.88.209.228:443
  • 8.8.8.8:53
DNS Requests
  • raz7pi7zop.com

Example 2

File Information

Size: 512K
SHA-1: 001a0ec3e2b02b927ffef9b695ce8b7026ab4aa9
MD5: dc8c0e20b6980972adfe5332bb2bc041
CRC-32: f2e86a36
File type: application/x-ms-dos-executable
First seen: 2011-10-04

Example 3

File Information

Size: 2.6M
SHA-1: 001ac1db745961c165c8a465af0cf66287f27625
MD5: 142c266ebea432a6872912e4920ca6e8
CRC-32: 936d0ad3
File type: application/x-ms-dos-executable
First seen: 2011-09-14