Troj/Bckdr-ROL exhibits the following characteristics:
File Information
- Size: 21M
- SHA-1: cd6b952892c217fb32ca0b64e2136bc121da3f9c
- MD5: cc8ff09058d9228b29f67ada97d91203
- CRC-32: 451cb28f
- File type: Windows executable
- First seen: 2011-02-03
Other vendor detection
- Avira: BDS/MSIL.Agent.J.1
- Kaspersky: Trojan-Dropper.MSIL.StubRC.ila
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\398explorer.exe
- c:\Documents and Settings\test user\Application Data\78explorer.exe
Dropped Files
- F:/Autorun.ini
  - Size: 30
  - SHA-1: 3040775fca8a86b8ca8e63ffc82ce34b9b522e33
  - MD5: 4e5fd084f807e1e03de2f967d63f57be
  - CRC-32: 8b7bda1d
  - File type: Configuration Data File (generic)
  - First seen: 2011-02-24
- C:\Settings.ini
  - Size: 487
  - SHA-1: 94ee81744ae7f988e8270d3b526b7d606061e5b6
  - MD5: 444de413ed7e345fe7e74f14b2917597
  - CRC-32: 8a197bab
  - File type: Configuration Data File (generic)
  - First seen: 2010-11-03
- c:\Documents and Settings\test user\Local Settings\Temp\333istealer Crypt.exe
  - Size: 528K
  - SHA-1: 0d7f46209b3201ed5ebcf0dc2d12e4c693ba9dfb
  - MD5: c75069e67f45b4e64e0651481649ef79
  - CRC-32: a10d20e9
  - File type: Windows executable
  - First seen: 2011-02-23
- c:\Documents and Settings\test user\Application Data\576explorer.exe
  - Size: 436K
  - SHA-1: bfa263df0c97b074a0615fc31d4dbfce0b4c4b56
  - MD5: e8e73866c486a645012c0f696c04a613
  - CRC-32: 4207254b
  - File type: Windows executable
  - First seen: 2011-02-08
- c:\Documents and Settings\test user\Application Data\BlackShadesl.exe
- F:/iexplore.exe
- c:\Documents and Settings\test user\Local Settings\Temp\123blackshades Crypt.exe
  - Size: 436K
  - SHA-1: bfa263df0c97b074a0615fc31d4dbfce0b4c4b56
  - MD5: e8e73866c486a645012c0f696c04a613
  - CRC-32: 4207254b
  - File type: Windows executable
  - First seen: 2011-02-08
- c:\Documents and Settings\test user\Local Settings\Temp\463Office 2010 Toolkit.exe
  - Size: 16M
  - SHA-1: 5e844596f34b82e8a315b928c5195c73a74fc877
  - MD5: cf973e3cc9f47b5b2e3305f8b17071eb
  - CRC-32: a4c13d50
  - File type: Windows executable
  - First seen: 2010-10-11
- c:\Documents and Settings\test user\Application Data\16explorer.exe
  - Size: 528K
  - SHA-1: 0d7f46209b3201ed5ebcf0dc2d12e4c693ba9dfb
  - MD5: c75069e67f45b4e64e0651481649ef79
  - CRC-32: a10d20e9
  - File type: Windows executable
  - First seen: 2011-02-23
Modified Files
- %PROGRAM FILES%\Internet Explorer\iexplore.exe
  - Set the hidden and archive flags
Registry Keys Created
- HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
  - Value: DC596I04Z1
  - Data: January 5, 2013
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: 16explorer.exe
  - Data: c:\Documents and Settings\test user\Application Data\16explorer.exe
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - Value: c:\Documents and Settings\test user\Application Data\BlackShadesl.exe
  - Data: c:\Documents and Settings\test user\Application Data\BlackShadesl.exe:*:Enabled:Windows Messanger
- HKCU\Software\VB and VBA Program Settings\SrvID\ID
  - Value: DC596I04Z1
  - Data: Cobra2
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - Value: DoNotAllowExceptions
  - Data: 0x00000000
Processes Created
- c:\Documents and Settings\test user\local settings\temp\123blackshades crypt.exe
- c:\Documents and Settings\test user\local settings\temp\333istealer crypt.exe
- c:\Documents and Settings\test user\local settings\temp\463office 2010 toolkit.exe
- c:\windows\microsoft.net\framework\v2.0.50727\csc.exe
- c:\windows\microsoft.net\framework\v2.0.50727\cvtres.exe
- c:\windows\system32\cmd.exe
- c:\windows\system32\reg.exe
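The durable artifacts in the runtime analysis above are the Run-key entry for a <digits>explorer.exe copy in Application Data, the XP firewall exception added to AuthorizedApplications\List (with DoNotAllowExceptions set to 0 so that the exception list is honoured), the VB6 SaveSetting keys under "VB and VBA Program Settings", and the Autorun.ini / iexplore.exe pair written to a removable drive. The csc.exe and cvtres.exe entries in the process list are the .NET 2.0 C# compiler and resource converter, consistent with the MSIL detection names from the other vendors. The PowerShell below is an added hunting script written for this page; it is not code from Sophos or from the sample. The registry paths, value names, file-name pattern and the two SHA-1s in the $knownHashes table come from the listing; the function name Find-BckdrROLArtifacts, the output format, and the assumption of PowerShell 3.0 or later (4.0 for Get-FileHash) are this editor's.

```powershell
# Added hunting script for the Troj/Bckdr-ROL artifacts listed above.
# Not part of the Sophos page or of the malware; paths, value names and
# hashes are from the listing, everything else is this editor's assumption.
# Needs PowerShell 3.0+ (Get-CimInstance) and 4.0+ for Get-FileHash.

function Find-BckdrROLArtifacts {
    $findings = New-Object System.Collections.Generic.List[string]
    $psMeta   = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $fwBase   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'

    # SHA-1s of the two distinct copies the sample writes to Application Data (from the listing).
    $knownHashes = @(
        'BFA263DF0C97B074A0615FC31D4DBFCE0B4C4B56',
        '0D7F46209B3201ED5EBCF0DC2D12E4C693BA9DFB'
    )

    # 1. Run-key persistence: any value whose data points at <digits>explorer.exe.
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($p in $run.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            if ("$($p.Value)" -match '(?i)\\\d+explorer\.exe') {
                $findings.Add("Run value '$($p.Name)' -> $($p.Value)")
            }
        }
    }

    # 2. XP/2003 firewall exception list: value name is the program path,
    #    data is 'path:*:Enabled:DisplayName'. Flag programs living under a
    #    user profile directory and the misspelt display name from the listing.
    $list = Get-ItemProperty -Path "$fwBase\AuthorizedApplications\List" -ErrorAction SilentlyContinue
    if ($list) {
        foreach ($p in $list.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $data = "$($p.Value)"
            if ($p.Name -match '(?i)\\(Application Data|AppData|Local Settings\\Temp)\\' -or
                $data -match ':Windows Messanger$') {
                $findings.Add("Firewall exception '$($p.Name)' = $data")
            }
        }
    }

    # 3. DoNotAllowExceptions = 0 means the exception list (including the entry
    #    the sample added for itself) is in effect.
    $prof = Get-ItemProperty -Path $fwBase -ErrorAction SilentlyContinue
    if ($null -ne $prof.DoNotAllowExceptions -and $prof.DoNotAllowExceptions -eq 0) {
        $findings.Add('StandardProfile\DoNotAllowExceptions = 0 (exceptions permitted)')
    }

    # 4. VB6 SaveSetting keys the sample writes; SrvID\ID held 'Cobra2' in the listing.
    foreach ($sub in @('SrvID\ID', 'INSTALL\DATE')) {
        $key = "HKCU:\Software\VB and VBA Program Settings\$sub"
        if (Test-Path $key) {
            foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
                if ($psMeta -contains $p.Name) { continue }
                $findings.Add("VB setting $sub\$($p.Name) = $($p.Value)")
            }
        }
    }

    # 5. <digits>explorer.exe copies in roaming Application Data, hashed against the known SHA-1s.
    Get-ChildItem -Path $env:APPDATA -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\d+explorer\.exe$' } |
        ForEach-Object {
            $sha1 = (Get-FileHash -Path $_.FullName -Algorithm SHA1).Hash
            $tag  = if ($knownHashes -contains $sha1) { 'KNOWN SAMPLE' } else { 'name match only' }
            $findings.Add("File $($_.FullName) SHA-1 $sha1 ($tag)")
        }

    # 6. Removable drives: the listing shows Autorun.ini and iexplore.exe dropped to F:.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' -ErrorAction SilentlyContinue |
        ForEach-Object {
            foreach ($name in @('Autorun.ini', 'iexplore.exe')) {
                $path = Join-Path $_.DeviceID $name
                if (Test-Path -LiteralPath $path) { $findings.Add("Removable-drive file $path") }
            }
        }

    return ,$findings
}

$hits = Find-BckdrROLArtifacts
if ($hits.Count -eq 0) { 'No Troj/Bckdr-ROL artifacts found.' } else { $hits }
```

Run it from an elevated prompt so the HKLM firewall keys are readable, and run it as the user whose profile is being examined, since the Run key and the VB settings live under HKCU. Sections 2 and 3 only apply to the XP/2003 firewall; on Vista and later the exception list is stored elsewhere and those checks simply return nothing. Both 333istealer Crypt.exe and 16explorer.exe carry the same SHA-1, as do 123blackshades Crypt.exe and 576explorer.exe, so the two hashes in the table cover all four executables in the listing.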
DNS Requests