Mal/Swizzor-K

Category: Viruses and Spyware Protection available since:15 Mar 2010 23:13:53 (GMT)
Type: Malicious behavior Last Updated:15 Mar 2010 23:13:53 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/Swizzor-K include:

Example 1

File Information

Size
748K
SHA-1
565a8f45624234cc5e284e28bd3220e8e2ef5d9f
MD5
b70c53f081ad3535c9152286f42b64f7
CRC-32
8b06a271
File type
application/x-ms-dos-executable
First seen
2010-09-21

Other vendor detection

Kaspersky
Trojan.Win32.Swizzor.d

Runtime Analysis

Dropped Files
  • C:\sample.dat
    Size
    3.4M
    SHA-1
    ec40071cb205b83581754b1453cdebedd116444b
    MD5
    55bd17062e038aa7f4c4acc9e16bd8cd
    CRC-32
    92403efc
    File type
    application/octet-stream
    First seen
    2010-09-21
DNS Requests
  • ads.range159-195.com

Example 2

File Information

Size
564K
SHA-1
c3a139b5c888e9e0873dd9024fbdad0df5391272
MD5
362256796b69d9eab2a5bb42cd36df61
CRC-32
49ade74c
File type
application/x-ms-dos-executable
First seen
2010-11-07

Other vendor detection

Kaspersky
Trojan.Win32.Obfuscated.akxh

Runtime Analysis

Registry Keys Created
  • HKCU\Software\BoreFiveBodyerror
    holemfcd
    f5 72 7e 6f cd d9 1c 8e 0d e0 ad c5 59 14 80 3b 2c 74 1d 85 41 34 55 8f 80 31 80 e3 ca 94 44 31 d2 95 07 89 42 29 dd 75 29 95 d6 16 67 67 9b 53 08 d3 9d a5 f3 c3 1e 5c ce 9a 5b fb f0 a5 9e 79 d5 d6 b6 b5 fd 87 cb fb c6 f2 dc b6 91 c3 46 b9 cc a0 d8 77 38 b7 fb 10 4f fe 25 14 a4 93 40 1c a4 e7 44 96 c1 48 3e d0 36 d8 b1 dc 08 ca d3 8f 2c 48 39 10 a7 f0 56 9e 9f 9b 40 db 0e e0 ac c5 5d 14 f3 4d 28 41 33 b3 12 31 26 e0 80 32 80 e5 ca 85 44 35 d2 96 07 8d 42 5c ef 19 73 90 8d 10 53 53 f8 67 3d e2 aa 92 c5 fb 2e 64 ce 98 5b fb f0 ce fb 1c d5 b1 8c e9 8e 93 cf 8b aa 97 f2 d3 e1 a6 46 ba c8 a0 d8 73 3c b7 fb 14 3a 8c 49 14 b8 fc cb e3 25 11 42 96 c2 48 3a d0 3f d8 b5 dc 09 ca a1 e0 2a 3d 38 47 f0 a7 0a a9 d2 c8 06 db
HTTP Requests
  • http://ayb.host127-0-0-1.com/abt
DNS Requests
  • ayb.host127-0-0-1.com

Example 3

File Information

Size
644K
SHA-1
db4479c79ee79164085ce570db97537475c1f739
MD5
6c626f1eafbebbf700f2b8c82c872103
CRC-32
5ad1c826
File type
application/x-ms-dos-executable
First seen
2011-01-05

Runtime Analysis

DNS Requests
  • ads.range159-195.com

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy