Troj/Cridex-BO

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 11 Apr 2013 16:19:27 (GMT)
Last Updated: 11 Apr 2013 16:19:27 (GMT)


Troj/Cridex-BO exhibits the following characteristics:

File Information

Size
300K
SHA-1
7aa2f67d8f1bfb4949927095d3780e5263943120
MD5
9442bb179e22aa7c2198f830e5b51bce
CRC-32
ad72bcab
File type
Windows executable
First seen
2013-04-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\KB00674719.exe
    Size
    166K
    SHA-1
    0bd32fd1bbe39b441b59ee540d89885f36fb6254
    MD5
    9bd8070129b543ce0f34bcdc02be8598
    CRC-32
    c3625c70
    File type
    Windows executable
    First seen
    2013-04-11
  • c:\Documents and Settings\test user\Recent\WINDOWS.lnk
  • C:\WINDOWS\1.jpg
    Size
    71K
    SHA-1
    5d75df26d3a11266b8b3b2f3a2bbdcae780e290c
    MD5
    93faf3d2425d7ed3ad4f5f5c6fe78ed8
    CRC-32
    0b3cb455
    File type
    JPEG Interchange Format
    First seen
    2013-04-11
  • c:\Documents and Settings\test user\Recent\1.jpg.lnk
    Size
    486
    SHA-1
    a6eca31cebb24883fd7efef590d73e42c20ad4c4
    MD5
    598f808b5972188900e7a76ab84b0c4d
    CRC-32
    7d2d4b52
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-04-11
  • C:\WINDOWS\start.bat
    Size
    52
    SHA-1
    89bbfa4f5af2a0d4fb45a56549db6afbbb88c2fc
    MD5
    15c74597fd793fedd762e10116911ee0
    CRC-32
    044bc055
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-11
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
    {1D2680C9-0E2A-469D-B787-065558BC7D43} {000214E6-0000-0000-C000-000000000046} 0x401
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041120130412
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    3
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
    MRUListEx
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB00674719.exe
    "c:\Documents and Settings\test user\Application Data\KB00674719.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    7
    (binary data)
  • HKCU\Software\WinRAR SFX
    C%%WINDOWS
    C:\WINDOWS
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\Documents and Settings\test user\application data\kb00674719.exe
  • c:\windows\1.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\verclsid.exe
DNS Requests
  • allandnew.ru
  • belimbelom.ru
  • freehomeforyou.ru
  • sectionone1.ru
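
Several details in the runtime analysis matter when these indicators are used to sweep other hosts. The persistence entry is written under HKCU\...\Run, so it is per-user and needs no administrative rights, and its value name imitates a Microsoft KB hotfix identifier so that it blends into a casual Run-key review. The dropped-file paths contain the sandbox account name ("test user") and an XP-style profile layout ("Application Data"); on Vista and later the same %APPDATA% location is ...\AppData\Roaming, so a sweep should match on the file name and its parent directory rather than the full path. The HKCU\Software\WinRAR SFX key whose value is C:\WINDOWS is consistent with the 300K dropper being a WinRAR self-extracting archive that unpacks 1.jpg and start.bat into C:\WINDOWS, and the 1.jpg.lnk under Recent shows the image was opened through the shell, presumably as a decoy.

The sweep below is an added example, not Sophos code. It takes the hashes, Run-key entry, drop locations and DNS names listed above and matches them against constructed sample input (the Run values, file inventory and DNS log lines are made up for illustration; on a real host they would come from a registry export, a file-hash inventory and DNS server or Sysmon logs). The function names sweep, check_run_values, check_files and check_dns are this example's own.

```python
"""Offline sweep for the Troj/Cridex-BO indicators listed in the analysis above.

Added example, not Sophos code. The Run-key entries, file inventory and DNS
log lines at the bottom are constructed for illustration.
"""
import re
from pathlib import PureWindowsPath

# SHA-1 hashes from the analysis (hex, lower-case).
SHA1_IOCS = {
    "7aa2f67d8f1bfb4949927095d3780e5263943120": "Troj/Cridex-BO (300K dropper)",
    "0bd32fd1bbe39b441b59ee540d89885f36fb6254": "KB00674719.exe (persistent payload)",
    "5d75df26d3a11266b8b3b2f3a2bbdcae780e290c": "1.jpg (decoy image)",
    "89bbfa4f5af2a0d4fb45a56549db6afbbb88c2fc": "start.bat",
}
DNS_IOCS = {"allandnew.ru", "belimbelom.ru", "freehomeforyou.ru", "sectionone1.ru"}

# The sandbox path is specific to that machine ("test user", XP layout), so
# match on the Run value name and on the last two path components instead:
# "Application Data" on XP, "Roaming" (%APPDATA%) on Vista and later.
RUN_VALUE_NAME = "kb00674719.exe"
RUN_PARENT_DIRS = {"application data", "roaming"}
DROPPED_TAILS = {("windows", "1.jpg"), ("windows", "start.bat"), ("windows", "1.exe")}

_CMD_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
_HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def _tail(path, n):
    """Last n path components, lower-cased (Windows paths are case-insensitive)."""
    return tuple(p.lower() for p in PureWindowsPath(path).parts[-n:])


def _command_path(data):
    """Executable part of a Run value: the quoted path or the first token."""
    m = _CMD_RE.match(data)
    return (m.group(1) or m.group(2)) if m else data


def check_run_values(run_values):
    """run_values: {value name: data} from HKCU\\...\\CurrentVersion\\Run.
    Returns (name, exe) for entries matching the persistence indicator."""
    hits = []
    for name, data in run_values.items():
        exe = _command_path(data)
        tail = _tail(exe, 2)
        in_profile_dir = len(tail) == 2 and tail[0] in RUN_PARENT_DIRS and tail[1] == RUN_VALUE_NAME
        if name.lower() == RUN_VALUE_NAME or in_profile_dir:
            hits.append((name, exe))
    return hits


def check_files(inventory):
    """inventory: iterable of (path, sha1 hex). A hash match is conclusive;
    a path-only match flags a file at a known drop location for review."""
    hits = []
    for path, sha1 in inventory:
        sha1 = sha1.lower()
        if sha1 in SHA1_IOCS:
            hits.append((path, "hash", SHA1_IOCS[sha1]))
        elif _tail(path, 2) in DROPPED_TAILS:
            hits.append((path, "path", "known drop location, hash differs"))
    return hits


def check_dns(log_lines):
    """Flags log lines that resolve an IOC domain or any subdomain of one."""
    hits = []
    for line in log_lines:
        for host in _HOST_RE.findall(line):
            host = host.lower().rstrip(".")
            if host in DNS_IOCS or any(host.endswith("." + d) for d in DNS_IOCS):
                hits.append((line.strip(), host))
                break
    return hits


# Constructed sample input (not from the analysis).
SAMPLE_RUN = {
    "KB00674719.exe": r'"C:\Users\alice\AppData\Roaming\KB00674719.exe"',
    "OneDrive": r'"C:\Program Files\OneDrive\OneDrive.exe" /background',
    "Updater": r'"c:\documents and settings\bob\application data\kb00674719.exe"',
}
SAMPLE_INVENTORY = [
    (r"C:\Windows\1.jpg", "5D75DF26D3A11266B8B3B2F3A2BBDCAE780E290C"),
    (r"C:\Windows\start.bat", "0000000000000000000000000000000000000000"),
    (r"C:\Windows\notepad.exe", "1111111111111111111111111111111111111111"),
]
SAMPLE_DNS = [
    "2013-04-11 16:20:01 10.0.0.7 query A belimbelom.ru",
    "2013-04-11 16:20:03 10.0.0.7 query A www.example.com",
    "2013-04-11 16:20:09 10.0.0.7 query A cdn.sectionone1.ru",
]


def sweep(run_values=SAMPLE_RUN, inventory=SAMPLE_INVENTORY, dns_lines=SAMPLE_DNS):
    """Run all three checks and return the findings grouped by source."""
    return {
        "run_keys": check_run_values(run_values),
        "files": check_files(inventory),
        "dns": check_dns(dns_lines),
    }


if __name__ == "__main__":
    for kind, found in sweep().items():
        for hit in found:
            print(kind, hit)
```

Against the constructed input the sweep reports both Run entries (one by value name, one by its %APPDATA% location under a different name), the decoy image by hash, start.bat by location only, and the two DNS lines, including the subdomain query. A path-only hit is deliberately reported separately from a hash hit: the hash identifies this sample, while C:\WINDOWS\start.bat could be another file entirely and needs a look before it is treated as an infection.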
