Troj/Bckdr-ROL

Category: Viruses and Spyware
Type: Trojan
Protection available since: 05 Jan 2013 05:08:20 (GMT)
Last Updated: 05 Jan 2013 05:08:20 (GMT)
Prevalence: Small Number of Reports


Troj/Bckdr-ROL exhibits the following characteristics:

File Information

Size: 21M
SHA-1: cd6b952892c217fb32ca0b64e2136bc121da3f9c
MD5: cc8ff09058d9228b29f67ada97d91203
CRC-32: 451cb28f
File type: Windows executable
First seen: 2011-02-03

Other vendor detection

Avira: BDS/MSIL.Agent.J.1
Kaspersky: Trojan-Dropper.MSIL.StubRC.ila

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\398explorer.exe
  • c:\Documents and Settings\test user\Application Data\78explorer.exe
Dropped Files
  • F:/Autorun.ini
    Size: 30
    SHA-1: 3040775fca8a86b8ca8e63ffc82ce34b9b522e33
    MD5: 4e5fd084f807e1e03de2f967d63f57be
    CRC-32: 8b7bda1d
    File type: Configuration Data File (generic)
    First seen: 2011-02-24
  • C:\Settings.ini
    Size: 487
    SHA-1: 94ee81744ae7f988e8270d3b526b7d606061e5b6
    MD5: 444de413ed7e345fe7e74f14b2917597
    CRC-32: 8a197bab
    File type: Configuration Data File (generic)
    First seen: 2010-11-03
  • c:\Documents and Settings\test user\Local Settings\Temp\333istealer Crypt.exe
    Size: 528K
    SHA-1: 0d7f46209b3201ed5ebcf0dc2d12e4c693ba9dfb
    MD5: c75069e67f45b4e64e0651481649ef79
    CRC-32: a10d20e9
    File type: Windows executable
    First seen: 2011-02-23
  • c:\Documents and Settings\test user\Application Data\576explorer.exe
    Size: 436K
    SHA-1: bfa263df0c97b074a0615fc31d4dbfce0b4c4b56
    MD5: e8e73866c486a645012c0f696c04a613
    CRC-32: 4207254b
    File type: Windows executable
    First seen: 2011-02-08
  • c:\Documents and Settings\test user\Application Data\BlackShadesl.exe
  • F:/iexplore.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\123blackshades Crypt.exe
    Size: 436K
    SHA-1: bfa263df0c97b074a0615fc31d4dbfce0b4c4b56
    MD5: e8e73866c486a645012c0f696c04a613
    CRC-32: 4207254b
    File type: Windows executable
    First seen: 2011-02-08
  • c:\Documents and Settings\test user\Local Settings\Temp\463Office 2010 Toolkit.exe
    Size: 16M
    SHA-1: 5e844596f34b82e8a315b928c5195c73a74fc877
    MD5: cf973e3cc9f47b5b2e3305f8b17071eb
    CRC-32: a4c13d50
    File type: Windows executable
    First seen: 2010-10-11
  • c:\Documents and Settings\test user\Application Data\16explorer.exe
    Size: 528K
    SHA-1: 0d7f46209b3201ed5ebcf0dc2d12e4c693ba9dfb
    MD5: c75069e67f45b4e64e0651481649ef79
    CRC-32: a10d20e9
    File type: Windows executable
    First seen: 2011-02-23
Modified Files
  • %PROGRAM FILES%\Internet Explorer\iexplore.exe
    • Set the hidden and archive flags
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    Value name: DC596I04Z1
    Data: January 5, 2013
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: 16explorer.exe
    Data: c:\Documents and Settings\test user\Application Data\16explorer.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    Value name: c:\Documents and Settings\test user\Application Data\BlackShadesl.exe
    Data: c:\Documents and Settings\test user\Application Data\BlackShadesl.exe:*:Enabled:Windows Messanger
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    Value name: DC596I04Z1
    Data: Cobra2
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    Value name: DoNotAllowExceptions
    Data: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\123blackshades crypt.exe
  • c:\Documents and Settings\test user\local settings\temp\333istealer crypt.exe
  • c:\Documents and Settings\test user\local settings\temp\463office 2010 toolkit.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • zombies-no-ip.biz
