Troj/Azber-A

Category: Viruses and Spyware
Protection available since: 07 Oct 2012 19:15:40 (GMT)
Type: Trojan
Last Updated: 07 Oct 2012 19:15:40 (GMT)
Prevalence: Small Number of Reports


Troj/Azber-A exhibits the following characteristics:

File Information

Size
93K
SHA-1
ec9a2382e9701a732cc5e000ed4e84bce3ca8944
MD5
1a9d0be319cb1934e4e7d0502cf31ac7
CRC-32
f42db257
File type
Windows executable
First seen
2012-10-06

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\kujleaog.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\hwjhsolu.log
    Size
    64
    SHA-1
    edd17e4d15e5779efe27c04c2bdf3077d335d0a3
    MD5
    de2c5b6c50f5e05dff644959ff5b097c
    CRC-32
    717350f2
    File type
    Base64 encoded
    First seen
    2012-06-01
  • c:\Documents and Settings\test user\Local Settings\Application Data\tvbjuwht.log
    Size
    28
    SHA-1
    a9aefe9f73187cd1eac1373d50159b2a80e9cca8
    MD5
    7f085f44252eefad89d3e79b767212af
    CRC-32
    380d3082
    File type
    Unspecified binary - probably data
    First seen
    2012-10-06
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Security
    Security
    (binary value; non-printable data omitted)
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service
    DeleteFlag
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SpoQcxma
    c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum
    NextInstance
    0x00000001
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\kujleaog.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
DNS Requests
