Examples of Mal/EncPk-JD include:
Example 1
File Information
- Size: 340K
- SHA-1: 0216ed83a33a019a476ddefeb1f667f8e2b65590
- MD5: 4f12a74b553c951c34a7e04dfb89e1c5
- CRC-32: 26941e9a
- File type: application/x-ms-dos-executable
- First seen: 2011-08-15
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\ivb.exe
  - Size: 340K
  - SHA-1: 556ccd0927705bc1592b4dd1c5f77ec93f89e1ab
  - MD5: a8a93b63fb3b9b3496baa8201b8520e1
  - CRC-32: a1553888
  - File type: application/x-ms-dos-executable
  - First seen: 2011-12-28
- c:\Documents and Settings\test user\Templates\n15n7sk380o5bt88685paen28ccu356uv4p8
  - Size: 974
  - SHA-1: a56ec32465a1b7b9966d096208f617eb9bd7caec
  - MD5: 175c81057eebf03bbb9d877437181ea1
  - CRC-32: d642b474
  - File type: application/octet-stream
  - First seen: 2011-12-28
- c:\Documents and Settings\test user\Local Settings\Temp\n15n7sk380o5bt88685paen28ccu356uv4p8
  - Size: 974
  - SHA-1: a56ec32465a1b7b9966d096208f617eb9bd7caec
  - MD5: 175c81057eebf03bbb9d877437181ea1
  - CRC-32: d642b474
  - File type: application/octet-stream
  - First seen: 2011-12-28
- c:\Documents and Settings\test user\Local Settings\Application Data\n15n7sk380o5bt88685paen28ccu356uv4p8
  - Size: 974
  - SHA-1: a56ec32465a1b7b9966d096208f617eb9bd7caec
  - MD5: 175c81057eebf03bbb9d877437181ea1
  - CRC-32: d642b474
  - File type: application/octet-stream
  - First seen: 2011-12-28
- C:\Documents and Settings\All Users\Application Data\n15n7sk380o5bt88685paen28ccu356uv4p8
  - Size: 974
  - SHA-1: a56ec32465a1b7b9966d096208f617eb9bd7caec
  - MD5: 175c81057eebf03bbb9d877437181ea1
  - CRC-32: d642b474
  - File type: application/octet-stream
  - First seen: 2011-12-28
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions: 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  - DoNotAllowExceptions: 0x00000000
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Security Center
  - AntiVirusOverride: 0x00000001
Processes Created
- c:\Documents and Settings\test user\local settings\application data\ivb.exe
HTTP Requests
DNS Requests
Example 2
File Information
- Size: 337K
- SHA-1: 0254a8781ac035ebfe58c889914a588aeb1e8400
- MD5: faa87ea7cc2262c93bad3ea6ca5610f9
- CRC-32: 09c9dedb
- File type: application/x-ms-dos-executable
- First seen: 2011-08-15
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Templates\263m7qu6oajr
  - Size: 962
  - SHA-1: 9d24d0d12527b01fbb2f414d26b35bc1f0c6125b
  - MD5: 78a41feb4ee30ea67d272acbd8555ff6
  - CRC-32: 562d32bd
  - File type: application/octet-stream
  - First seen: 2011-12-29
- C:\Documents and Settings\All Users\Application Data\263m7qu6oajr
  - Size: 962
  - SHA-1: 9d24d0d12527b01fbb2f414d26b35bc1f0c6125b
  - MD5: 78a41feb4ee30ea67d272acbd8555ff6
  - CRC-32: 562d32bd
  - File type: application/octet-stream
  - First seen: 2011-12-29
- c:\Documents and Settings\test user\Local Settings\Application Data\263m7qu6oajr
  - Size: 962
  - SHA-1: 9d24d0d12527b01fbb2f414d26b35bc1f0c6125b
  - MD5: 78a41feb4ee30ea67d272acbd8555ff6
  - CRC-32: 562d32bd
  - File type: application/octet-stream
  - First seen: 2011-12-29
- c:\Documents and Settings\test user\Local Settings\Temp\263m7qu6oajr
  - Size: 962
  - SHA-1: 9d24d0d12527b01fbb2f414d26b35bc1f0c6125b
  - MD5: 78a41feb4ee30ea67d272acbd8555ff6
  - CRC-32: 562d32bd
  - File type: application/octet-stream
  - First seen: 2011-12-29
- c:\Documents and Settings\test user\Local Settings\Application Data\put.exe
  - Size: 337K
  - SHA-1: 37ae84477517709eee8ad0c61e5e0b5258cd7bce
  - MD5: 64815844f5d2ba657d1dd2b47c181508
  - CRC-32: ffaeb7a8
  - File type: application/x-ms-dos-executable
  - First seen: 2011-12-29
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions: 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  - DoNotAllowExceptions: 0x00000000
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Security Center
  - AntiVirusOverride: 0x00000001
Processes Created
- c:\Documents and Settings\test user\local settings\application data\put.exe
HTTP Requests
DNS Requests
Example 3
File Information
- Size: 337K
- SHA-1: 026aaa7f757a8f21a7922481d8fbcc5f23fea3cc
- MD5: a8a6719949c8b76f70ca4a1683d96e83
- CRC-32: 98cbf1db
- File type: application/x-ms-dos-executable
- First seen: 2011-12-26
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Application Data\gam.exe
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  - DoNotAllowExceptions: 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DoNotAllowExceptions: 0x00000000
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Security Center
  - AntiVirusOverride: 0x00000001