Troj/Banker-FVS

Category: Viruses and Spyware
Type: Trojan
Protection available since: 22 Jun 2013 13:44:32 (GMT)
Last Updated: 22 Jun 2013 13:44:32 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Banker-FVS include:

Example 1

File Information

Size: 1.7M
SHA-1: 7499a1fbd0cb856e10cc20ee35056642439809d6
MD5: 64b2f6c4b54c74b499c307e53965a9ee
CRC-32: e89b4750
File type: Windows executable
First seen: 2013-06-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Install.exe
    Size: 1.5M
    SHA-1: 86f187f4eed7de4f3d796ddc38aac541c88a72c2
    MD5: d54278b3884d2861c0d4aa176653ed78
    CRC-32: 2ab55947
    File type: application/x-ms-dos-executable
    First seen: 2013-06-08
  • c:\Documents and Settings\test user\Application Data\start.exe
    Size: 666K
    SHA-1: e23d8dae2178b856faa9a47ed495167156f94281
    MD5: 435524f9b0aee874dea583cb82a3553c
    CRC-32: 0e276a6f
    File type: Windows executable
    First seen: 2013-06-21
  • c:\Documents and Settings\test user\Application Data\Open2.bat
    Size: 121
    SHA-1: d0e20a9f81b9f20bf1e235a5d2844722323786aa
    MD5: 095daf02cec22218f0d62e12ad18149b
    CRC-32: 63972d73
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-06-22
  • c:\Documents and Settings\test user\Application Data\Skype.cpl
    Size: 148K
    SHA-1: edd6f2a735cd844640b24bb08a531f0dce056069
    MD5: 7592993ff4325f7418e6b7528574be78
    CRC-32: edca2619
    File type: Windows executable
    First seen: 2013-06-21
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013062220130623
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Skype\Phone\UI\General
    SkypeSetup
    SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  • HKLM\SOFTWARE\Skype\Phone\UI
    InstallExitCode
    0x0000c357
  • HKLM\SOFTWARE\Skype\Installer
    DownloadETag
Processes Created
  • c:\Documents and Settings\test user\application data\install.exe
  • c:\Documents and Settings\test user\application data\start.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://ui.skype.com/ui/0/6.5.0.158/en/lightinstaller
  • http://www.emuto.pl/templates/atomic/language/en-GB/teste.zip
  • http://www.skype.com/go/downloading
DNS Requests
  • ui.skype.com
  • www.emuto.pl
  • www.skype.com

Example 2

File Information

Size: 121
SHA-1: d0e20a9f81b9f20bf1e235a5d2844722323786aa
MD5: 095daf02cec22218f0d62e12ad18149b
CRC-32: 63972d73
File type: ASCII text / 8-bit Unicode Transformation Format
First seen: 2013-06-22

Example 3

File Information

Size: 666K
SHA-1: e23d8dae2178b856faa9a47ed495167156f94281
MD5: 435524f9b0aee874dea583cb82a3553c
CRC-32: 0e276a6f
File type: Windows executable
First seen: 2013-06-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\tmp.zip
    Size: 417
    SHA-1: 8d456a3edde4938e81c029ddcf3902501617516c
    MD5: fd3140b6c65c61b546e9176f7523fd75
    CRC-32: 76a19d08
    File type: Hypertext Markup Language
    First seen: 2013-06-22
HTTP Requests
  • http://www.emuto.pl/templates/atomic/language/en-GB/teste.zip
DNS Requests
  • www.emuto.pl
