Troj/DelfInj-BJ

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 05 May 2013 00:13:27 (GMT)
Last Updated: 12 Jun 2013 22:55:22 (GMT)


Examples of Troj/DelfInj-BJ include:

Example 1

File Information

Size: 220K
SHA-1: 0a5acfe163e98770fac26881442efa9a64e2930f
MD5: eb29f06c757c953bc519629cf95d497d
CRC-32: 67d777a0
File type: Windows executable
First seen: 2013-05-28

Example 2

File Information

Size: 282K
SHA-1: 1329dca0b7a0b975c750bb8ae6386e7f2d1df2f6
MD5: 4ff55ecf8131201f221167f896910d62
CRC-32: 90f503fe
File type: Windows executable
First seen: 2013-05-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Dywuow\orati.qei
    Size: 477
    SHA-1: 663b8d756db363d04a8112d424b942ab97023be0
    MD5: d567106500b21f101df3a897b21cc626
    CRC-32: df7922fe
    File type: Unspecified binary - probably data
    First seen: 2013-05-03
  • c:\Documents and Settings\test user\Application Data\Kupo\nogeo.exe
    Size: 282K
    SHA-1: 2a21a24fe46a08d38d1c4bb516662231f7d3507a
    MD5: b4925feba867139af33136c88e9ebd94
    CRC-32: eeb7874e
    File type: Windows executable
    First seen: 2013-05-03
  • c:\Documents and Settings\test user\Application Data\Dywuow\orati.tmp
    Size: 563
    SHA-1: 70b6d52afcc9e0adf3ae0a9fb2c28ce474a779be
    MD5: 04f0ae3c553b40f33c395d058c7e564a
    CRC-32: 7d91d1e8
    File type: Unspecified binary - probably data
    First seen: 2013-05-03
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Toyzb
    Feylr
    (binary data; value contents not reproducible as text)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}
    "c:\Documents and Settings\test user\Application Data\Kupo\nogeo.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    24 ab 8f 3a 53 48 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\kupo\nogeo.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.mkarlcaj.com/kar/cfg.bin
DNS Requests
  • www.mkarlcaj.com

Example 3

File Information

Size: 218K
SHA-1: 19fcdfb421a9ef3c7ffc6005408ed8ac529eea9a
MD5: 9d6ea071bb3a89db6301f8894faeb010
CRC-32: a29fd179
File type: Windows executable
First seen: 2013-05-20
