Troj/Bebloh-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 17 Jul 2013 19:15:52 (GMT)
Last Updated: 17 Jul 2013 19:15:52 (GMT)


Examples of Troj/Bebloh-A include:

Example 1

File Information

Size
129K
SHA-1
7c095541764a44e5858c0a64f4a09dab3e54aa51
MD5
b2df6e05e8868e5843d011a0eb544024
CRC-32
3c9e7f1f
File type
Windows executable
First seen
2013-07-17

Other vendor detection

Avira
TR/Crypt.XPACK.Gen2

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    winwpack.exe
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; value not rendered in this extraction)
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; value not rendered in this extraction)
Registry Keys Modified
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 23 d6 5d fb 82 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 23 d6 5d fb 82 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
HTTP Requests
  • http://www.google.com/
DNS Requests
  • bigyoheked.sendsmtp.com
  • ciheimorw.servegame.com
  • fulty.net
  • mugeipomex.sytes.net
  • raptorquest.com
  • reveck.com
  • www.google.com

Example 2

File Information

Size
221K
SHA-1
f6bdeb289ca66dd8f0880c678e8e6b61dff0331b
MD5
49c4ae59e0666e2a807d851bd6345de0
CRC-32
fb94493a
File type
Windows executable
First seen
2013-07-17
