Mal/EncPk-GV

Category: Viruses and Spyware
Protection available since: 28 Jan 2009 17:46:48 (GMT)
Type: Malicious behavior
Last Updated: 28 Jan 2009 17:46:48 (GMT)
Prevalence: Small Number of Reports


Mal/EncPk-GV exhibits the following characteristics:

Other vendor detection

  • Avira: TR/Dropper.Gen
  • Kaspersky: Trojan-Downloader.Win32.Tibs.knh
  • Trend: Mal_Nucrp-6

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\winds32.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\4.dflb
    Size: 108
    SHA-1: 9a768008a915004999e0b22a9e2467bb6316a688
    MD5: 98782af44e3a3f0ed1d933f8abe1cbf1
    CRC-32: 54b7fefb
    File type: application/octet-stream
    First seen: 2011-02-03
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr
    BitNames: NAP_TRACE_BASE NAP_TRACE_NETSH
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
    LogSessionName: stdout
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    System32: C:\WINDOWS\system32\winds32.exe
  • HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
    MaxFileSize: 0x00100000
Processes Created
  • c:\windows\system32\netsh.exe
HTTP Requests
  • http://pluscount.net/adv/040/adload.php
  • http://pluscount.net/ps3sdf/proxy.jpg
  • http://pluscount.net/ps3sdf/search.jpg
  • http://pluscount.net/ps3sdf/tibs.jpg
  • http://pluscount.net/ps3sdf/tool.jpg
  • http://pluscount.net/ps3sdf/winlogon.jpg
  • http://pluscount.net/rftghjkljhgfdsdfgh.php
DNS Requests
  • pluscount.net
