Mal/EncPk-NST

Category:	Viruses and Spyware	Protection available since:	05 Mar 2013 04:06:26 (GMT)
Type:	Malicious behavior	Last Updated:	05 Mar 2013 04:06:26 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Mal/EncPk-NST exhibits the following characteristics:

File Information

Size: 35K
SHA-1: cce7fb738d4ee17d6103465e3fcb25d7704d3c1a
MD5: 6a16606ba99af0cc4e08da3935507f15
CRC-32: 21bb4e76
File type: Windows executable
First seen: 2013-01-02

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe

Dropped Files

c:\Documents and Settings\test user\Application Data\Microsoft\Windows\epbEK.cfg
Size
2.0K
SHA-1
eee8c5faa47f1948b76cc1a60575965950b4eb3a
MD5
621820db789ed5756931be80f8e09754
CRC-32
e21b8cb4
File type
Unspecified binary - probably data
First seen
2013-01-02
c:\Documents and Settings\test user\Application Data\Microsoft\Windows\epbEK.dat
Size
2
SHA-1
4700b42849fb35be323774820bf1bc8019d26c80
MD5
84cad01fdb44ae58dbe6c3973dcd87f5
CRC-32
4f349987
File type
Windows Codepage 1252
First seen
2011-09-26

Registry Keys Created

HKCU\Software\epbEK
InstalledServer
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Load
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0S6Q2I71-1N51-QMPP-5VCP-C100I27NE52L}
StubPath
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe restart
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
Load
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SYSTEM
c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe c:\Documents and Settings\test user\Application Data\SYSTEM\SYSTEM.exe

Processes Created

c:\windows\system32\notepad.exe
c:\windows\system32\svchost.exe

DNS Requests

kingprog.no-ip.info

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Mal/EncPk-NST

File Information

Runtime Analysis

Copies Itself To

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

DNS Requests

Free Mac Anti-Virus

Popular topics