Troj/Buzus-EP

Category:	Viruses and Spyware	Protection available since:	10 Sep 2010 07:19:07 (GMT)
Type:	Trojan	Last Updated:	10 Sep 2010 07:19:07 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Buzus-EP include:

Example 1

File Information

Size: 30K
SHA-1: 11ef5b112b286c041f55fa0da4feee794cd0ef6d
MD5: 4178d4607e24b68e89db188ec4cfdc71
CRC-32: d0da012a
File type: application/x-ms-dos-executable
First seen: 2010-08-23

Other vendor detection

Kaspersky: Trojan.Win32.Buzus.eyzy

Runtime Analysis

Copies Itself To

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

Dropped Files

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini

Registry Keys Created

HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
test_item.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
12CFG214-K641-12SF-N85P
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

Registry Keys Modified

HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
0x3bea8a7d

DNS Requests

p34s3.hmarhelo.com

Example 2

File Information

Size: 30K
SHA-1: 13e9905ded5a0dd48018cbf148e00249ea182736
MD5: 6b4e4bc9807bfd123ed792b203263000
CRC-32: bee155bc
File type: application/x-ms-dos-executable
First seen: 2010-11-03

Example 3

File Information

Size: 18K
SHA-1: 1eabbe1e116b9daa8cd5dcb53c1933eadd5952ae
MD5: 67f18bae46ae6db3c02dc88712320bf8
CRC-32: 1aee5075
File type: application/x-ms-dos-executable
First seen: 2010-11-02

Try Sophos products for free
Download now