Mal/VB-AC

Category: Viruses and Spyware
Protection available since: 10 Jul 2009 01:05:58 (GMT)
Type: Malicious behavior
Last Updated: 10 Jul 2009 01:05:58 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/VB-AC include:

Example 1

Other vendor detection

  • Avira: TR/Dropper.Gen
  • Kaspersky: Trojan-Downloader.Win32.VB.kax
  • Trend: WORM_VB.JNH

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\svshost.exe
Dropped Files
  • C:\WINDOWS\sample.txt
    Size: 16K
    SHA-1: ffba9d4a1e96d32920545a04cc5e972c24e32b86
    MD5: cb99a083b6cacdc88d319f473078f62f
    CRC-32: dd20e89d
    File type: application/octet-stream
    First seen: 2011-03-11
Modified Files
  • %WINDOWS%\msapps
    • Set the hidden and system flags
  • %WINDOWS%\Cursors
    • Set the hidden and system flags
  • %WINDOWS%\inf
    • Set the system flag
  • %WINDOWS%\PeerNet
    • Set the hidden and system flags
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\\test_item.exe
    c:\\test_item.exe:*:Enabled:Complete Server For Remote Administration via the Internet or LANDownloader
  • HKLM\SYSTEM\CurrentControlSet\Services\htoad
    ErrorControl
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Control
    ServicesPipeTimeout
    0x00002710
  • HKLM\SYSTEM\CurrentControlSet\Services\stuad
    ErrorControl
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\htuad
    ObjectName
    LocalSystem
Processes Created
  • c:\windows\system32\notepad.exe
HTTP Requests
  • http://www.prospysoft.com/AP.exe
  • http://www.prospysoft.com/BP.exe
DNS Requests
  • www.prospysoft.com

Example 2

Other vendor detection

  • Avira: TR/Dropper.Gen
  • Kaspersky: Trojan-Downloader.Win32.VB.kbu
  • Trend: WORM_VB.JNH

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\svshost.exe
Dropped Files
  • C:\WINDOWS\test_item.exe
Modified Files
  • %WINDOWS%\inf
    • Set the system flag
  • %WINDOWS%\Cursors
    • Set the hidden and system flags
  • %WINDOWS%\msapps
    • Set the hidden and system flags
  • %WINDOWS%\PeerNet
    • Set the hidden and system flags
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\stuad
    ErrorControl
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Control
    ServicesPipeTimeout
    0x00002710
  • HKLM\SYSTEM\CurrentControlSet\Services\htuad
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\\test_item.exe
    c:\\test_item.exe:*:Enabled:Complete Server For Remote Administration via the Internet or LANWin32
  • HKLM\SYSTEM\CurrentControlSet\Services\htoad
    ErrorControl
    0x00000001
HTTP Requests
  • http://www.prospysoft.com/AP
DNS Requests
  • www.prospysoft.com

Example 3

File Information

  • Size: 665K
  • SHA-1: 470cec06d29bc2e8988664d01f773e7acf867c72
  • MD5: da2aa8c50fd5bb29a92a751dd34be5d1
  • CRC-32: dba1da90
  • File type: application/x-ms-dos-executable
  • First seen: 2011-02-19
