Examples of Mal/TDSSPack-Z include:
Example 1
File Information
- Size: 137K
- SHA-1: 00581c453b4c46e29c2bd7617a23a8d51f727603
- MD5: bbfb12cb44da5a3f97d49fcce9833835
- CRC-32: 1ebf7beb
- File type: application/x-ms-dos-executable
- First seen: 2010-10-26
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\4.tmp
Dropped Files
- C:\WINDOWS\Temp\6.tmp
  - Size: 137K
  - SHA-1: 179a56ffa80dff61f3e7018e9a1290bc832c54c3
  - MD5: ec066ed8a6ec490747b52c45a043f303
  - CRC-32: d111d0fe
  - File type: application/x-ms-dos-executable
  - First seen: 2010-10-26
Registry Keys Created
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - maxhttpredirects: 0x000022b8
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - enablehttp1_1: 0x00000001
- HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
  - DefaultSpoolDirectory: C:\WINDOWS\System32\spool\PRINTERS
- HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
  - svchost.exe: 0x000022b8
Registry Keys Modified
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - CurrentLevel: 0x00000000
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - CurrentLevel: 0x00000000
Processes Created
- c:\windows\system32\spoolsv.exe
Example 2
File Information
- Size: 101K
- SHA-1: 00c373f72a9387f83a134371260b57e8c86cbfa0
- MD5: 25a8c13b929ba3cf0ae13c35ed8cc89c
- CRC-32: 37a55684
- File type: application/x-ms-dos-executable
- First seen: 2010-09-27
Runtime Analysis
Registry Keys Created
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  - DefaultConnectionSettings: 3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 50 68 43 37 cd 5f cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  - DefaultConnectionSettings: 3c 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 50 68 43 37 cd 5f cb 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
  - CachePath: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  - SavedLegacySettings: 3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
  - Directory: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
  - CachePath: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
  - CachePath: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
  - CachePath: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
- HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  - SavedLegacySettings: 3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DNS Requests
Example 3
File Information
- Size: 36K
- SHA-1: 00de94e38fda2bab380173582e565ab7af71c411
- MD5: 4f72468c7511afa52fb4100a61ec42d2
- CRC-32: dbf262bb
- File type: application/x-ms-dos-executable
- First seen: 2011-03-23