What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

Mal/EncPk-ACI

Category:	Viruses and Spyware	Protection available since:	24 Jan 2012 12:09:10 (GMT)
Type:	Malicious behavior	Last Updated:	13 Mar 2012 14:05:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/EncPk-ACI include:

Example 1

File Information

Size: 455K
SHA-1: 0081d078752501554d079ae9d6e2da004fc6934a
MD5: d58c7ed3ce64732e8c8bc6699c1cbae6
CRC-32: c279476e
File type: application/x-ms-dos-executable
First seen: 2012-01-06

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\2.tmp

Registry Keys Modified

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
NameServer
8.8.8.8,172.16.0.2

HTTP Requests

http://217.23.15.126/chrome/report.html

IP Connections

217.23.15.126:80

Example 2

File Information

Size: 412K
SHA-1: 00caaf3bf592987c45fd25587103f43bfaf3344b
MD5: 0c7ad97680b5603ec58ca12775dd5062
CRC-32: 45edd873
File type: application/x-ms-dos-executable
First seen: 2011-12-11

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\2.tmp

HTTP Requests

http://217.23.15.126/chrome/report.html
http://update1.smartwecleaner.in/

IP Connections

217.23.15.126:80

DNS Requests

update1.smartwecleaner.in

Example 3

File Information

Size: 549K
SHA-1: 010b1c5d979651a1edb13d92a666924d99db69bc
MD5: 2295b9cf63a5504a8c9b133ac461437e
CRC-32: 1a03277a
File type: application/x-ms-dos-executable
First seen: 2012-01-05

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\2.tmp

Registry Keys Modified

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
NameServer
8.8.8.8,172.16.0.2

HTTP Requests

http://217.23.15.126/chrome/report.html

IP Connections

217.23.15.126:80

Try Sophos products for free
Download now