What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

Mal/Katusha-N

Category:	Viruses and Spyware	Protection available since:	05 Dec 2012 14:24:35 (GMT)
Type:	Malicious behavior	Last Updated:	28 Feb 2013 22:24:17 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/Katusha-N include:

Example 1

File Information

Size: 55K
SHA-1: 0004b6271225ad98f5e1e489f998cdbc5264e214
MD5: 1d2422d4358c12d6f6f4e0753f496027
CRC-32: 2a53c779
File type: Windows executable
First seen: 2012-11-07

Example 2

File Information

Size: 8.0K
SHA-1: 0020bbbf62265f446f0f417deb7cc9cede2ad884
MD5: 8242a601234b222bbef98c624593e13e
CRC-32: f57f6bf5
File type: Windows executable
First seen: 2013-01-14

Example 3

File Information

Size: 82K
SHA-1: 0090c3ed60e4eb4041e6c9f28f903849fc6a4a02
MD5: c626c423096ad8afa7eebc6ecbf27b03
CRC-32: 4ffaafd7
File type: Windows executable
First seen: 2012-12-04

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\115781FdOh
Size
1.7K
SHA-1
afdda946b27b51d91e5cf987153d663eccdd3c27
MD5
d52d666b38e46ea38b779c52eae04f9f
CRC-32
40e708c9
File type
Windows Codepage 1252
First seen
2012-11-16
C:\WINDOWS\system32\drivers\etc\hosts.sam

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
115984
cmd.exe /c copy C:\DOCUME~1\support\LOCALS~1\Temp\115781FdOh C:\WINDOWS\system32\drivers\etc\hosts /Y && attrib +H C:\WINDOWS\system32\drivers\etc\hosts /f
HKCU\Software\WinRAR
HWID
{4□@2□□6□□7□□-□ A□ 0□□4□ 7□@-□□5□p1□□0□□F□@5□PF□□0□□7□□}□

Processes Created

c:\windows\system32\at.exe
c:\windows\system32\cmd.exe
c:\windows\system32\reg.exe

DNS Requests

flirotte.info
vidderty.info

Try Sophos products for free
Download now