Troj/Buzus-HT

Category: Viruses and Spyware
Type: Trojan
Protection available since: 26 Aug 2013 05:41:18 (GMT)
Last Updated: 26 Aug 2013 05:41:18 (GMT)
Prevalence: Small number of reports


Troj/Buzus-HT exhibits the following characteristics:

File Information

Size: 221K
SHA-1: c5d55d30882c403350631a6056950b1b9be39716
MD5: fbd495aa71473db4fb0ed2e58b39005d
CRC-32: 17e407fb
File type: Windows executable
First seen: 2013-08-25

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Iqsyav\isli.kon
    Size: 1.1K
    SHA-1: 5b10946013adb3b98c994387b175989f4db210ee
    MD5: 7058584e8b2c3a6206781417c86ad911
    CRC-32: 4c98c5a2
    File type: Unspecified binary - probably data
    First seen: 2013-08-26
  • c:\Documents and Settings\test user\Application Data\Vudua\eqdoy.exe
    Size: 221K
    SHA-1: c50adfcffda1e4f891d8bb849a5125d45ab4ab54
    MD5: 908b9c159a4b6abcd6a00f582b51fbe2
    CRC-32: ab8716ed
    File type: Windows executable
    First seen: 2013-08-26
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Iguls
    Ceco
    (binary value data; not reproducible as text)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}
    "c:\Documents and Settings\test user\Application Data\Vudua\eqdoy.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    c6 7b 5a dc fb a1 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\vudua\eqdoy.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://mdnetrn.com/kcc/cfg.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • mdnetrn.com
  • www.google.bg
  • www.google.com
