Mal/EncPk-CI

Category:	Viruses and Spyware	Protection available since:	22 Jan 2009 14:04:23 (GMT)
Type:	Malicious behavior	Last Updated:	22 Jan 2009 14:04:23 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/EncPk-CI include:

Example 1

File Information

Size: 353K
SHA-1: 6e575ab476346b927a1fd262d162d39845968612
MD5: 250e052c663606f837649e5ebe88c5bc
CRC-32: 734adecd
File type: application/x-ms-dos-executable
First seen: 2010-09-07

Other vendor detection

Kaspersky: Trojan-Dropper.Win32.Autoit.z

Runtime Analysis

Copies Itself To

C:\WINDOWS\system32\winfiles.exe
C:\WINDOWS\winfiles.exe

Dropped Files

C:\WINDOWS\winnt.exe

Registry Keys Created

HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer
LimitSystemRestoreCheckpointing
0x00000001
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
DisableSR
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
shared
\winfiles.exe

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe winfiles.exe

Example 2

File Information

Size: 43K
SHA-1: 0003ce7b51a2f53aaf2145d7670ecbdb3dfb8c59
MD5: 1279dc5c714f9725cecdb49b85aa316d
CRC-32: 39504952
File type: application/x-ms-dos-executable
First seen: 2011-01-08

Example 3

File Information

Size: 6.0K
SHA-1: 0007582594ba6c41830f074e7a815aa05030df6e
MD5: c846fece29ade7e639e4e7ba9ec85c94
CRC-32: a5eb3bd5
File type: application/x-ms-dos-executable
First seen: 2011-01-10

Try Sophos products for free
Download now