Mal/ZipMal-A exhibits the following characteristics:
File Information
- Size: 161K
- SHA-1: 3b6e1e70b44f37c7d14beee32e279ef658d2c681
- MD5: 357bd78a4bf5baf30a5f06155e9b14f9
- CRC-32: 2f3c0190
- File type: application/x-ms-dos-executable
- First seen: 2011-03-21
Other vendor detection
- Avira: TR/Dropper.Gen
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\1.doc
- C:\Documents and Settings\All Users\Application Data\SSK.LOG
  - Size: 414
  - SHA-1: 4066dbdc4ac8687abc77a45b861327342d9c5e99
  - MD5: b8f7aba938607b21cb11a310905ec09f
  - CRC-32: e6999a7d
  - File type: application/octet-stream
  - First seen: 2011-03-21
- C:\Documents and Settings\All Users\Application Data\winsvcfs.DLL
  - Size: 129K
  - SHA-1: 7108573d894fa17b51dc949ba2c8c376a9b12d99
  - MD5: 74bdec24bf329875fe885c5b3b89a237
  - CRC-32: 7b27d4fa
  - File type: application/x-ms-dos-executable
  - First seen: 2011-03-21
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\winsvcfs
  - Type: 0x00000010
- HKLM\SYSTEM\CurrentControlSet\Services\winsvcfs\Enum
  - Count: 0x00000001
- HKLM\SYSTEM\CurrentControlSet\Services\winsvcfs\Parameters
  - ServiceMain: NcfGj
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
  - LocalService: Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV winsvcfs
Processes Created
- c:\docume~1\support\locals~1\temp\1.exe
- c:\program files\windows nt\accessories\wordpad.exe
- c:\windows\system32\rundll32.exe
- c:\windows\system32\svchost.exe
HTTP Requests
- http://-\xbc+\x0f\xd7;C\xce\xf0q\xa9\x19\xa97\xd3\x0f\x95\x962\xf7\xb4\b\\;\x97\x1aL\xdf\xa9B\x06\x9b\xbeV\xd6\x9c\xb2\xe3\"j
DNS Requests
- download.windowsupdate.com
- news.servequake.com