Troj/Banspy-S exhibits the following characteristics:
File Information
- Size: 1.9M
- SHA-1: 82fb410e88d19c43e1e8db81e9c3a5629a84e47a
- MD5: c537c4ddcc6f5567028059899ca9ba33
- CRC-32: 18ebf69f
- File type: Windows executable
- First seen: 2012-12-05
Other vendor detection
- Kaspersky: HEUR:Packed.Win32.Black.f
Runtime Analysis
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{391324CF-3852-4891-8240-B87C9B93A859}
  - NoExplorer: 0x00000001
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
  - iexplore.exe: 0x00000001
- HKCR\CLSID\{391324CF-3852-4891-8240-B87C9B93A859}
  - (Default)
- HKLM\SOFTWARE\Licenses
  - {01E98067EA9E38090}
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\EXT\CLSID
  - {391324CF-3852-4891-8240-B87C9B93A859}: 1
- HKCR\CLSID\{8F577DD6-A889-B773-13C5-1FBA13C51FBA}
  - (Default): Microsoft Shell Folder AutoComplete List
- HKCR\CLSID\{8F577DD6-A889-B773-13C5-1FBA13C51FBA}\InProcServer32
  - ThreadingModel: Apartment
- HKCR\CLSID\{391324CF-3852-4891-8240-B87C9B93A859}\InprocServer32
  - ThreadingModel: Apartment