Mal/Katusha-N

Category: Viruses and Spyware
Protection available since: 05 Dec 2012 14:24:35 (GMT)
Type: Malicious behavior
Last Updated: 28 Feb 2013 22:24:17 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/Katusha-N include:

Example 1

File Information

Size: 55K
SHA-1: 0004b6271225ad98f5e1e489f998cdbc5264e214
MD5: 1d2422d4358c12d6f6f4e0753f496027
CRC-32: 2a53c779
File type: Windows executable
First seen: 2012-11-07

Example 2

File Information

Size: 8.0K
SHA-1: 0020bbbf62265f446f0f417deb7cc9cede2ad884
MD5: 8242a601234b222bbef98c624593e13e
CRC-32: f57f6bf5
File type: Windows executable
First seen: 2013-01-14

Example 3

File Information

Size: 82K
SHA-1: 0090c3ed60e4eb4041e6c9f28f903849fc6a4a02
MD5: c626c423096ad8afa7eebc6ecbf27b03
CRC-32: 4ffaafd7
File type: Windows executable
First seen: 2012-12-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\115781FdOh
    Size: 1.7K
    SHA-1: afdda946b27b51d91e5cf987153d663eccdd3c27
    MD5: d52d666b38e46ea38b779c52eae04f9f
    CRC-32: 40e708c9
    File type: Windows Codepage 1252
    First seen: 2012-11-16
  • C:\WINDOWS\system32\drivers\etc\hosts.sam
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    115984
    cmd.exe /c copy C:\DOCUME~1\support\LOCALS~1\Temp\115781FdOh C:\WINDOWS\system32\drivers\etc\hosts /Y && attrib +H C:\WINDOWS\system32\drivers\etc\hosts /f
  • HKCU\Software\WinRAR
    HWID
    {4□@2□□6□□7□□-□ A□ 0□□4□ 7□@-□□5□p1□□0□□F□@5□PF□□0□□7□□}□
Processes Created
  • c:\windows\system32\at.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • flirotte.info
  • vidderty.info
