Troj/DBotMem-B

Category: Viruses and Spyware
Type: Trojan
Protection available since: 13 Mar 2012 16:58:05 (GMT)
Last Updated: 19 Jun 2014 08:50:12 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/DBotMem-B include:

Example 1

File Information

Size: 161K
SHA-1: 08a6ac1488803ee7e6eb257d54fcd0aef6978f55
MD5: acf5e4494f06e12a48ea62f520e8cbb9
CRC-32: 6db9531e
File type: Windows executable
First seen: 2013-09-17

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
  • c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
  • c:\Documents and Settings\test user\Application Data\temp.bin
Dropped Files
  • C:\WINDOWS\wiaservc.log
    Size: 50
    SHA-1: 5f80aac6d6b0aef71581fdd847e8d862d952b51b
    MD5: 5697df482074e45d8e436a564e821e2d
    CRC-32: e9b45da5
    File type: application/octet-stream
    First seen: 2014-06-13
  • C:\WINDOWS\wiadebug.log
    Size: 159
    SHA-1: 0fb17be6fea976441c662a84f89c8cfbfa054d1b
    MD5: 7e089654c115a53f544b5ab330dd027b
    CRC-32: 22a60765
    File type: application/octet-stream
    First seen: 2014-06-13
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Screen Saver Pro 3.1
    c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Processes Created
  • c:\windows\system32\mspaint.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://app.wipmania.net/icon/n.api
DNS Requests
  • app.wipmania.net

Example 2

File Information

Size: 111K
SHA-1: 090e7c693dd705c328c6797dbd5c4cd86d9d862f
MD5: 3085d88529ac71899c54c58b6259dc32
CRC-32: 6e328aaf
File type: Windows executable
First seen: 2013-12-09

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
  • c:\Documents and Settings\test user\Application Data\c731200
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe\Reader_sl.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\c731200
    Size: 9
    SHA-1: 5f30369cfaac0f95940432af03ea142c4d0306a6
    MD5: 76a4e1315fb1509a5945f373944ff4a6
    CRC-32: ba1c3eef
    File type: application/octet-stream
    First seen: 2014-06-15
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe System Incorporated
    C:\DOCUME~1\support\LOCALS~1\Temp\Adobe\Reader_sl.exe
Processes Created
  • c:\windows\system32\calc.exe
  • c:\windows\system32\charmap.exe
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://api.wipmania.com/
DNS Requests
  • a.adoyou1understandme42.com
  • a.aiphon1egalaxyblack42.com
  • a.ajjjqws1fkxx42.com
  • a.amous1epadsafa42.com
  • api.wipmania.com

Example 3

File Information

Size: 124K
SHA-1: 0acc0a6a89a3034b6cf6b52f757ac86e3b8f22b5
MD5: 5fee227e42517e429718d6b79e0dde40
CRC-32: 5fc248d8
File type: Windows executable
First seen: 2013-04-17

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
  • c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
  • c:\Documents and Settings\test user\Application Data\temp.bin
Dropped Files
  • C:\WINDOWS\wiadebug.log
    Size: 157
    SHA-1: bd19b8932f8e15c2c6b6195729d0e7be904ce695
    MD5: 5ca098f63e7540415bbb6ca435075c71
    CRC-32: a80cf1c7
    File type: application/octet-stream
    First seen: 2014-06-13
  • C:\WINDOWS\wiaservc.log
    Size: 50
    SHA-1: 5407d262023435f57bc87e287f0b50b54c0db9c3
    MD5: 1a9b7da637667196a466777b07329112
    CRC-32: fccf22c5
    File type: application/octet-stream
    First seen: 2014-06-13
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Screen Saver Pro 3.1
    c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
Processes Created
  • c:\windows\system32\mspaint.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://api.wipmania.com/
DNS Requests
  • api.wipmania.com
  • e.balkrev.com
  • e.joyyven.com
  • e.lartanato.com