Mal/MSIL-IM

Category: Viruses and Spyware
Protection available since: 07 Apr 2014 12:16:33 (GMT)
Type: Malicious behavior
Last Updated: 07 Apr 2014 12:16:33 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/MSIL-IM include:

Example 1

File Information

Size: 76K
SHA-1: 0d17c1fbbae1efded47c5f63ca8bd444fe7a8be2
MD5: 40f80ef31fb442cdf3e6a349e0195812
CRC-32: b7b24f3d
File type: Windows executable
First seen: 2014-04-06

Example 2

File Information

Size: 485K
SHA-1: 7198df7984d4819d8e27e6b7aef66968fb0d2068
MD5: 552dd16646f8e059173b4ff9af3c73fb
CRC-32: 5928ea98
File type: application/x-ms-dos-executable
First seen: 2014-04-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\PjqlzDUk\4QNG1Yp.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\PjqlzDUk\4QNG1Yp.exe.lnk
    Size: 897
    SHA-1: 1b29873a666bbda32eb97bcf4dc2df0140a73f8b
    MD5: c40a7d9462e9abca331d5bf93e8dd4a7
    CRC-32: d6a02091
    File type: Windows Shortcut file (.LNK)
    First seen: 2014-04-06
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    AkQhwMrLvz
    c:\Documents and Settings\test user\Application Data\PjqlzDUk\4QNG1Yp.exe.lnk
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
IP Connections
  • 91.187.174.140:1604

Example 3

File Information

Size: 392K
SHA-1: 94b8dee04b501862d4b66f376a806ccaaebb4122
MD5: d4bb706e3e461f1ccf390fc2fc786faf
CRC-32: c442e642
File type: application/x-ms-dos-executable
First seen: 2014-04-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\dGNIWZiH\seb2plM.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\dGNIWZiH\seb2plM.exe.lnk
    Size: 897
    SHA-1: d88a93a26825d343bc21ce17b77e63c4cd6b590b
    MD5: ffd49a7cc10844e0c16d836bc0b56f6a
    CRC-32: 0c658fd1
    File type: Windows Shortcut file (.LNK)
    First seen: 2014-04-07
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    XGdES9N8RW
    c:\Documents and Settings\test user\Application Data\dGNIWZiH\seb2plM.exe.lnk
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://obi1.cwsurf.de/index.php
DNS Requests
  • obi1.cwsurf.de
