Mal/Gippers-B

Category: Viruses and Spyware
Protection available since: 05 Apr 2014 22:25:25 (GMT)
Type: Malicious behavior
Last Updated: 05 Apr 2014 22:25:25 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/Gippers-B include:

Example 1

File Information

Size: 64K
SHA-1: 02f0843dbf4c79bd2e7a34ca9eae095e6511c7fc
MD5: 83f26b5bda643a92c32add7b0e02290d
CRC-32: 7403c4a9
File type: application/x-ms-dos-executable
First seen: 2014-03-31

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\PCIDForComm.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\USBServers32.exe
  • C:\WINDOWS\Temp\tttbrozzz.bat
  • c:\Documents and Settings\test user\Local Settings\Temp\eidolon.exe
    Size: 25K
    SHA-1: ab388dbb45109acd543d28030daf065e50e20a1b
    MD5: f3858fb30c8ddb74a11e85381009c438
    CRC-32: 6abb02c4
    File type: Windows executable
    First seen: 2013-09-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    USBServers32
    C:\DOCUME~1\support\LOCALS~1\Temp\USBServers32.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\eidolon.exe
  • c:\docume~1\support\locals~1\temp\usbservers32.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ntvdm.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://microsoft.myPicture.info/pRiro9GMoZufF6LSi6I=/index.asp
DNS Requests
  • microsoft.mypicture.info

Example 2

File Information

Size: 83K
SHA-1: 0a67890ab2051b33cd6414eca21f832ac393de0c
MD5: 29fe0df4f22e6fc1c204a63bfe0617d4
CRC-32: 6f389008
File type: application/x-ms-dos-executable
First seen: 2014-03-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\eidolon.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\PCIDForComm.dat
    Size: 4
    SHA-1: 64f482a8dde9980a0dce7fa5de7e6481a31e57a5
    MD5: 49603f86a253fdf4ddf578e0503cf72d
    CRC-32: 0bd2e765
    File type: A small file (too small to be malicious)
    First seen: 2014-03-30
  • C:\WINDOWS\Temp\USBServers32.exe
    Size: 57K
    SHA-1: 6ee7a44f062509309e74849b3b7d062ebf3d5e6a
    MD5: 4ec0f12c159a3ad29cc2cdd9b87565b9
    CRC-32: ac6f20e8
    File type: Windows executable
    First seen: 2013-12-18
  • C:\WINDOWS\Temp\tttbrozzz.bat
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\UpdateSet.bat
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    USBServers32
    C:\WINDOWS\temp\USBServers32.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\eidolon.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
  • c:\windows\temp\usbservers32.exe
HTTP Requests
  • http://microsoft.longmusic.com/WDJBwYCMoSqfbTaDi6I=/index.asp
DNS Requests
  • microsoft.longmusic.com

Example 3

File Information

File type: application/x-ms-dos-executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\USBServers32.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\PCIDForComm.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\eidolon.exe
    Size: 25K
    SHA-1: ab388dbb45109acd543d28030daf065e50e20a1b
    MD5: f3858fb30c8ddb74a11e85381009c438
    CRC-32: 6abb02c4
    File type: Windows executable
    First seen: 2013-09-30
  • C:\WINDOWS\Temp\tttbrozzz.bat
Processes Created
  • c:\docume~1\support\locals~1\temp\eidolon.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ntvdm.exe
HTTP Requests
  • http://microsoft.myPicture.info/d5iIfoSMoXifhX+Hi6I=/index.asp
DNS Requests
  • microsoft.mypicture.info
