Troj/Dloadr-DTH

Category: Viruses and Spyware
Protection available since: 29 Sep 2013 00:22:10 (GMT)
Type: Trojan
Last Updated: 29 Sep 2013 00:22:10 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Dloadr-DTH include:

Example 1

File Information

Size
24K
SHA-1
5fb75e57f496e62190e5e657061617da7dbbe370
MD5
cd129356570194026d43e6f47129e3b5
CRC-32
87401a81
File type
Windows executable
First seen
2013-09-24

Example 2

File Information

Size
1.6M
SHA-1
c68277cd78007b020261b119bacff72b7fc3c370
MD5
3df815da2790296e02e7957ee4a2d883
CRC-32
82e38424
File type
Visual Basic Script
First seen
2013-09-28

Example 3

File Information

Size
19M
SHA-1
cb08fd2d1b825e3b51ebe4901e9189db1e48be75
MD5
cd110268580ab04231179d31ab63d978
CRC-32
0d1775c2
File type
Windows executable
First seen
2013-09-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\OYYGP\BUIQU
    Size
    33K
    SHA-1
    5842ab362472731cdc81bb211a9e7338ecbc4fad
    MD5
    4882361d3c2c4ce2c58659d2c83208f9
    CRC-32
    c5c3c9c9
    File type
    Unspecified binary - probably data
    First seen
    2013-09-28
  • c:\Documents and Settings\test user\Local Settings\Temp\got.exe
    Size
    939K
    SHA-1
    730ff16b996fb1896930fe6c0538bfbb5d1eb29d
    MD5
    3ea54741b525afab45c9f94482f2dac5
    CRC-32
    b3a96d6a
    File type
    Windows executable
    First seen
    2013-09-28
  • c:\Documents and Settings\test user\OYYGP\IWBUZ.exe
    Size
    733K
    SHA-1
    cae4e8c730de5a01d30aabeb3e5cb2136090ed8d
    MD5
    71d8f6d5dc35517275bc38ebcc815f9f
    CRC-32
    4aca8fdb
    File type
    Windows executable
    First seen
    2012-01-31
  • c:\Documents and Settings\test user\OYYGP\TWNMJ
    Size
    1.1K
    SHA-1
    91054b30f93017d6cfe96701ea8e4f09c80866c2
    MD5
    10aac20a9532c596a6823a7806ed0b8e
    CRC-32
    a62aa268
    File type
    Unspecified binary - probably data
    First seen
    2013-09-28
  • c:\Documents and Settings\test user\OYYGP\FFEUL
    Size
    14K
    SHA-1
    8452383f70ae4530ec735a276a21e8e2f976dda9
    MD5
    74d7deb179c66784bf1c0c0fc7b01d6e
    CRC-32
    d68637c9
    File type
    Unspecified binary - probably data
    First seen
    2013-09-28
  • c:\Documents and Settings\test user\OYYGP\NFDGZBYYNJ-YFIWI-PGMHMSLGVC.vbe
    Size
    1.6M
    SHA-1
    c68277cd78007b020261b119bacff72b7fc3c370
    MD5
    3df815da2790296e02e7957ee4a2d883
    CRC-32
    82e38424
    File type
    Visual Basic Script
    First seen
    2013-09-28
  • c:\Documents and Settings\test user\Cookies\ekerturizm.exe
    Size
    24K
    SHA-1
    5fb75e57f496e62190e5e657061617da7dbbe370
    MD5
    cd129356570194026d43e6f47129e3b5
    CRC-32
    87401a81
    File type
    Windows executable
    First seen
    2013-09-24
  • c:\Documents and Settings\test user\OYYGP\GQSYH
    Size
    2.3K
    SHA-1
    e9092e86fcaff96c88dd479170b8a39eb308affc
    MD5
    a749a4ebad5c07536782d2fcbdf5ecab
    CRC-32
    26b7fa0c
    File type
    Unspecified binary - probably data
    First seen
    2013-09-13
  • c:\Documents and Settings\test user\OYYGP\YMQGIX
    Size
    102K
    SHA-1
    02b16d04332188e1fa33bcb9693bdae4205a535f
    MD5
    a2a2304848104e707fc22076f285d83a
    CRC-32
    cd14e4ab
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-09-28
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideFileExt
    0x00000001
Processes Created
  • c:\Documents and Settings\test user\cookies\ekerturizm.exe
  • c:\Documents and Settings\test user\local settings\temp\got.exe
  • c:\docume~1\support\oyygp\iwbuz.exe
  • c:\windows\system32\mshta.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://ekerturizm.com/Uploads/Slide/got.exe
  • http://ekerturizm.com/Uploads/Slide/parit.exe
  • http://ekerturizm.com/Uploads/Slide/selokan.exe
DNS Requests
  • ekerturizm.com
