Mal/Spyeye-B

Category: Viruses and Spyware
Protection available since: 12 Nov 2010 19:44:39 (GMT)
Type: Malicious behavior
Last Updated: 12 Nov 2010 19:44:39 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Spyeye-B include:

Example 1

File Information

Size: 196K
SHA-1: 03b40daedc6818e5e80dd495960188805fc65694
MD5: df35e4e1b3827915234f3ad30d1d2869
CRC-32: 5631e962
File type: application/x-ms-dos-executable
First seen: 2010-10-19

Other vendor detection

Avira: TR/Injector.BI

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\jxiz.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\Application Data\jxiz.exe
DNS Requests
  • www.adx4bf1.com
  • www.adx4bf2.com

Example 2

File Information

Size: 116K
SHA-1: 0d0c1bef488ebbd6bc759ff9cd10f2764cad4350
MD5: 19a7fe4e6c00cf49282ef9d3cabba059
CRC-32: 335f1c40
File type: application/x-ms-dos-executable
First seen: 2010-10-20

Other vendor detection

Kaspersky: Trojan-Spy.Win32.SpyEyes.czv

Runtime Analysis

Copies Itself To
  • C:\Program Files\Common Files\systems\SysWindows.exe
  • F:/DriverUSB.exe
Dropped Files
  • C:\Program Files\Common Files\systems\pinks.dll
    Size: 50
    SHA-1: 7acbb13c7a2c5ab8b6e99bb517d025d3c6685ad7
    MD5: 2df4f778749abc74dfa13666dba84f7e
    CRC-32: e7f79142
    File type: application/octet-stream
    First seen: 2010-10-21
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Winsys
    "C:\Program Files\Common Files\systems\SysWindows.exe"
Processes Created
  • c:\program files\common files\systems\syswindows.exe
  • c:\windows\explorer.exe
HTTP Requests
  • http://pde2.fayerwall.info/
  • http://polymat.digiline.be/FCKeditor/editor/pnl/index.php
DNS Requests
  • pde2.fayerwall.info
  • polymat.digiline.be

Example 3

File Information

Size: 116K
SHA-1: 13ad6aac6dd9a41eaa133ebc6bc3d9ab276f1d23
MD5: 1ec21b62be55ec4d6ec5aa3a3ff12444
CRC-32: cf1ccc52
File type: application/x-ms-dos-executable
First seen: 2010-10-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\jxiz.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\Application Data\jxiz.exe
DNS Requests
  • www.adx4bf1.com
  • www.adx4bf2.com
