Troj/Bublik-AA

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 04 Feb 2013 23:23:57 (GMT)
Last Updated: 01 May 2013 22:46:21 (GMT)


Examples of Troj/Bublik-AA include:

Example 1

File Information

Size
190K
SHA-1
00949b327c2f4cd1f8cd988152da47ecd1dd3c19
MD5
94d33770473fb92d25fcf54fba1489ab
CRC-32
eee76014
File type
Windows executable
First seen
2013-01-26

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    videodf.exe
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; unprintable bytes not rendered)
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; unprintable bytes not rendered)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 80 29 8f 33 6a 27 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 80 29 8f 33 6a 27 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
HTTP Requests
  • http://google.com/
DNS Requests
  • advstar.com
  • datty.net
  • drodhefh.sytes.net
  • gombis.net
  • google.com
  • rowbdyer.my03.com
  • xhrowndh.myftp.org

Example 2

File Information

Size
222K
SHA-1
258dcd26581578fae2001f54e8861f7da7de2484
MD5
dc2f1263b46dfcf3f0cc132952501004
CRC-32
64745fe8
File type
Windows executable
First seen
2007-07-28

Example 3

File Information

Size
190K
SHA-1
2c9169439ad5c417039e00fab4de4a53d5264dd5
MD5
12117088cf01b3c8f404b656048a40dd
CRC-32
4ce7a209
File type
Windows executable
First seen
2013-01-26

Runtime Analysis

Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; unprintable bytes not rendered)
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; unprintable bytes not rendered)
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    winqruser.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 80 16 5a cc a4 46 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 80 16 5a cc a4 46 ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
HTTP Requests
  • http://google.com/
DNS Requests
  • cyaldibet.mrbasic.com
  • dnogrunvrein.sytes.net
  • gellax.com
  • google.com
  • gundireun.servegame.com
  • hediem.net
  • idore.net
