Examples of Troj/DotNet-F include:
Example 1
File Information
- Size
- 399K
- SHA-1
- 000c47fd91a04354e8c337b3cc7bae3fc4dc98dd
- MD5
- 46c2f5369d7c7fae5d468e113efbe39f
- CRC-32
- f1b2d2d7
- File type
- Windows executable
- First seen
- 2007-04-11
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
Dropped Files
- c:\Documents and Settings\test user\Application Data\supportlog.dat
- c:\Documents and Settings\test user\Application Data\svchost.exe
- Size
- 1.5K
- SHA-1
- d7e6737ec0d1c478a9d0bd6df20e33e0f410a014
- MD5
- 0856a2a6089ef9046f78b1e45f5d8162
- CRC-32
- 70632a6f
- File type
- Windows executable
- First seen
- 2012-04-12
- c:\Documents and Settings\test user\Local Settings\Temp\support7
- Size
- 8
- SHA-1
- b69d6d238ab09f9ed5d5c30051c032ab69eaf417
- MD5
- 354c5917ab5d0e501e5bbeaad7217ad6
- CRC-32
- 9b3bac4a
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2012-05-03
- c:\Documents and Settings\test user\Local Settings\Temp\support8
- Size
- 8
- SHA-1
- 0e48f5e8efbbdd5c6eac1188f33f4a4ab1078e55
- MD5
- c62a05e7120f89e1a80f3d5d8b8fd498
- CRC-32
- 7535cd66
- File type
- ASCII text / 8-bit Unicode Transformation Format
- First seen
- 2012-05-03
- C:\WINDOWS\system32\Windows\svchost.exe
- Size
- 1.5K
- SHA-1
- d7e6737ec0d1c478a9d0bd6df20e33e0f410a014
- MD5
- 0856a2a6089ef9046f78b1e45f5d8162
- CRC-32
- 70632a6f
- File type
- Windows executable
- First seen
- 2012-04-12
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- HKCU
- C:\WINDOWS\system32\Windows\svchost.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM
- C:\WINDOWS\system32\Windows\svchost.exe
- HKCU\Software\kamiz
- NewGroup
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
- Policies
- C:\WINDOWS\system32\Windows\svchost.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
- explorer.exe
- c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- Policies
- C:\WINDOWS\system32\Windows\svchost.exe
Processes Created
- c:\Documents and Settings\test user\application data\svchost.exe
- c:\windows\system32\windows\svchost.exe
DNS Requests
Example 2
File Information
- Size
- 786K
- SHA-1
- 005fb693680f72af92e5f4edc6e1eee9f94409e1
- MD5
- ce8f2dc458595da562840879f03504ce
- CRC-32
- e6712a02
- File type
- Windows executable
- First seen
- 2012-04-21
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\RecoSheik.exe
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- WinSteup
- c:\Documents and Settings\test user\Application Data\RecoSheik.exe
Processes Created
- c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
DNS Requests
Example 3
File Information
- Size
- 141K
- SHA-1
- 01141de44260e3e0ab5ffe41a118f20c203f1119
- MD5
- a96b649dc05be0912b3a03a8891b2bfb
- CRC-32
- d728ec5b
- File type
- Windows executable
- First seen
- 2012-02-23
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\steal.exe
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Startup Name
- c:\Documents and Settings\test user\Application Data\steal.exe