What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

Mal/EncPk-AIU

Category:	Viruses and Spyware	Protection available since:	31 Jan 2013 23:28:04 (GMT)
Type:	Malicious behavior	Last Updated:	31 Jan 2013 23:28:04 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/EncPk-AIU include:

Example 1

File Information

Size: 35K
SHA-1: 076be4a569e67befffee0c93a947ef0fc8880d00
MD5: 46e34fef9558ffed629576eced7ebee0
CRC-32: 827515f9
File type: Windows executable
First seen: 2013-01-30

Other vendor detection

Avira: TR/Crypt.XPACK.Gen

Example 2

File Information

Size: 40K
SHA-1: 0b034471988f9d383ad65cc5d22c430ec3840dad
MD5: 5c8e1d57c7165f4b93c5c917b0e80d3c
CRC-32: c0a304ba
File type: Windows executable
First seen: 2012-12-26

Other vendor detection

Avira: TR/Crypt.XPACK.Gen

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\jeanyxyvizyr.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
jeanyxyvizyr
c:\Documents and Settings\test user\jeanyxyvizyr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion
jeanyxyvizyrzap
$.□□□□pL□□□□□□□□3□p□□□□□

DNS Requests

0daymusic.biz
0risiko.de
4dbabamozi.hu
4dbenelux.be
4etoiles.fr
4ever-hosting.de
4everdreams.nl
4evernet.de
4eversoft.hu
4every1.cz
7atable.be
9online.fr
9welten.de
smtp.live.com

Example 3

File Information

Size: 35K
SHA-1: 334a6b6f33e65a291ee45705c39b2c8b1afe75ff
MD5: e929a1ce04643b0c4c76187350a73090
CRC-32: a4aad334
File type: Windows executable
First seen: 2013-01-28

Other vendor detection

Avira: TR/Crypt.XPACK.Gen

Try Sophos products for free
Download now