Mal/Proxy-G

Category: Viruses and Spyware
Protection available since: 30 Mar 2012 23:12:06 (GMT)
Type: Malicious behavior
Last Updated: 30 Mar 2012 23:12:06 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Proxy-G include:

Example 1

File Information

Size: 769K
SHA-1: 3c1c1fc5d3511a43145231f78b10428d28b6801b
MD5: ec05ab503b0537652fe7d0e199c3e074
CRC-32: 2540004a
File type: application/x-ms-dos-executable
First seen: 2012-03-28

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Boot.exe
Dropped Files
  • C:\WINDOWS\log.txt
  • C:\WINDOWS\Unistall.pac
    Size: 26K
    SHA-1: 78f6f7b4dd2d19a0b6fc6ec00f92a076acaf25e2
    MD5: 69549ef3e5899f77159f9857fc2bb9f3
    CRC-32: f9d38b43
    File type: application/octet-stream
    First seen: 2012-03-23
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoConfigURL
    file://C:\Windows\Unistall.pac
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    SUROWND
    C:\Windows\Boot.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    SUROWND
    C:\Windows\Boot.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000001 (1)
HTTP Requests
  • http://www.quakelounge.de/components/com_poll/views/
  • http://www.quakelounge.de/components/com_poll/views/d.txt
DNS Requests
  • www.quakelounge.de

Example 2

File Information

Size: 767K
SHA-1: 05360f11af0fb3444da634ffa916ac9862232d05
MD5: 7968a7a10ecb972a4b7f212f6c43415c
CRC-32: 701f9fe1
File type: application/x-ms-dos-executable
First seen: 2012-03-16

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Boot.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    SUROWND
    C:\Windows\Boot.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    SUROWND
    C:\Windows\Boot.exe
DNS Requests
  • www.chaddlewood-primary.plymouth.sch.uk

Example 3

File Information

Size: 769K
SHA-1: 0c9dc776f5db0ea88d80ee8dda25a21e1b52c868
MD5: 384d5d1575d12f051464ea085c671f94
CRC-32: 45c46502
File type: application/x-ms-dos-executable
First seen: 2012-01-11

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • C:\Boot.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    AutoConfigURL
    file://C:\Unistall.pac
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    SUROWND
    C:\Boot.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    SUROWND
    C:\Boot.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable
    0x00000001 (1)
DNS Requests
  • www.tecinnova-international.de
