Troj/Buzus-EO

Category: Viruses and Spyware
Protection available since: 10 Sep 2010 05:31:20 (GMT)
Type: Trojan
Last Updated: 10 Sep 2010 05:31:20 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Buzus-EO include:

Example 1

File Information

Size: 137K
SHA-1: 2749217146b0a569e0ea3001fc44173fe01f7eff
MD5: 4ef6ef7a17798dd44a796d315ae96aaf
CRC-32: 247c49ba
File type: application/x-ms-dos-executable
First seen: 2010-08-21

Example 2

File Information

Size: 152K
SHA-1: 5695ecd95bec686d3fd8db852903a7bde873b42a
MD5: 579fe28afa2bbe0c557a921d34b0eca7
CRC-32: 23768eb2
File type: application/x-ms-dos-executable
First seen: 2010-08-21

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\drivers\changer.sys
  • C:\WINDOWS\system32\dllcache\ndisuio.sys
  • C:\WINDOWS\system32\dllcache\irenum.sys
  • C:\WINDOWS\system32\drivers\i2omgmt.sys
  • C:\WINDOWS\system32\dllcache\pcntpci5.sys
  • C:\WINDOWS\system32\drivers\TDPIPE.sys
  • C:\WINDOWS\system32\drivers\RDPWD.sys
  • C:\WINDOWS\system32\dllcache\ipnat.sys
  • C:\WINDOWS\system32\dllcache\modem.sys
  • C:\WINDOWS\system32\dllcache\ip6fw.sys
  • C:\WINDOWS\system32\drivers\lbrtfdc.sys
  • C:\WINDOWS\system32\drivers\Modem.sys
  • C:\WINDOWS\system32\dllcache\imapi.sys
  • C:\WINDOWS\system32\dllcache\mrxdav.sys
  • C:\WINDOWS\system32\dllcache\asyncmac.sys
  • C:\WINDOWS\system32\dllcache\changer.sys
  • C:\WINDOWS\system32\dllcache\atmarpc.sys
  • C:\WINDOWS\system32\dllcache\cdaudio.sys
  • C:\WINDOWS\system32\drivers\Cdaudio.sys
  • C:\WINDOWS\system32\dllcache\sfloppy.sys
  • C:\WINDOWS\system32\dllcache\rdpwd.sys
  • C:\WINDOWS\system32\dllcache\tdpipe.sys
  • C:\WINDOWS\system32\dllcache\tdtcp.sys
  • C:\WINDOWS\system32\drivers\TDTCP.sys
  • C:\WINDOWS\system32\dllcache\lbrtfdc.sys
  • C:\WINDOWS\system32\dllcache\i2omgmt.sys
  • c:\Documents and Settings\test user\Local Settings\Temp\3ebcb056.tmp
    Size: 23K
    SHA-1: 6fbacd5335e38a414e778f711b61e678f02eca48
    MD5: 524e2a44e33be87b8ad0ef6ee87a52a4
    CRC-32: 3b898412
    File type: application/x-ms-dos-executable
    First seen: 2010-08-21
  • C:\WINDOWS\system32\drivers\Sfloppy.sys
  • C:\WINDOWS\system32\dllcache\ipinip.sys
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\IRENUM\Enum
    Count
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\PDFRAME\Enum
    Count
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\lbrtfdc\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\PCIDump\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\i2omgmt\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\TDTCP\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\IpNat\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\AsyncMac\Enum
    Count
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\Changer\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\Atmarpc\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Ndisuio\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Ip6Fw\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\RDPWD\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\PDRFRAME\Enum
    Count
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\PDRELI\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd\Enum
    INITSTARTFAILED
    0x00000001
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\WDICA\Enum
    NextInstance
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\TDPIPE\Enum
    NextInstance
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x4c6edf6d
Processes Created
  • c:\docume~1\support\locals~1\temp\bhrjq.exe
  • c:\docume~1\support\locals~1\temp\elfpyh.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://204.45.118.250/exc1
  • http://204.45.118.250/noi1
  • http://64.120.144.69/mybackup21.rar
  • http://cacrazy.com/dimqlweyg/kbsqlga.php
  • http://cacrazy.com/dimqlweyg/nezgb.php
  • http://cacrazy.com/dimqlweyg/qhysq.php
  • http://cacrazy.com/dimqlweyg/ridxsdls.php
  • http://cacrazy.com/dimqlweyg/vadyjelgez.php
IP Connections
  • 204.45.118.250:80
  • 64.120.144.69:80
DNS Requests
  • cacrazy.com

Example 3

File Information

Size: 468K
SHA-1: b399875c0c49357fe6008dfa4d5f328246a6b700
MD5: cd8f149c7bbca13942975bfe3c97b469
CRC-32: 0be458c3
File type: application/x-ms-dos-executable
First seen: 2010-08-22
