Troj/DotNet-F

Category: Viruses and Spyware
Protection available since: 17 Jan 2013 03:09:40 (GMT)
Type: Trojan
Last Updated: 04 Jun 2013 19:00:15 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/DotNet-F include:

Example 1

File Information

Size: 399K
SHA-1: 000c47fd91a04354e8c337b3cc7bae3fc4dc98dd
MD5: 46c2f5369d7c7fae5d468e113efbe39f
CRC-32: f1b2d2d7
File type: Windows executable
First seen: 2007-04-11

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\supportlog.dat
  • c:\Documents and Settings\test user\Application Data\svchost.exe
    Size: 1.5K
    SHA-1: d7e6737ec0d1c478a9d0bd6df20e33e0f410a014
    MD5: 0856a2a6089ef9046f78b1e45f5d8162
    CRC-32: 70632a6f
    File type: Windows executable
    First seen: 2012-04-12
  • c:\Documents and Settings\test user\Local Settings\Temp\support7
    Size: 8
    SHA-1: b69d6d238ab09f9ed5d5c30051c032ab69eaf417
    MD5: 354c5917ab5d0e501e5bbeaad7217ad6
    CRC-32: 9b3bac4a
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2012-05-03
  • c:\Documents and Settings\test user\Local Settings\Temp\support8
    Size: 8
    SHA-1: 0e48f5e8efbbdd5c6eac1188f33f4a4ab1078e55
    MD5: c62a05e7120f89e1a80f3d5d8b8fd498
    CRC-32: 7535cd66
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2012-05-03
  • C:\WINDOWS\system32\Windows\svchost.exe
    Size: 1.5K
    SHA-1: d7e6737ec0d1c478a9d0bd6df20e33e0f410a014
    MD5: 0856a2a6089ef9046f78b1e45f5d8162
    CRC-32: 70632a6f
    File type: Windows executable
    First seen: 2012-04-12
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKCU
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKCU\Software\kamiz
    NewGroup
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Policies
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    explorer.exe
    c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    Policies
    C:\WINDOWS\system32\Windows\svchost.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svchost.exe
  • c:\windows\system32\windows\svchost.exe
DNS Requests
  • kamize.no-ip.org

Example 2

File Information

Size: 786K
SHA-1: 005fb693680f72af92e5f4edc6e1eee9f94409e1
MD5: ce8f2dc458595da562840879f03504ce
CRC-32: e6712a02
File type: Windows executable
First seen: 2012-04-21

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\RecoSheik.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    WinSteup
    c:\Documents and Settings\test user\Application Data\RecoSheik.exe
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
DNS Requests
  • blackshades.ru

Example 3

File Information

Size: 141K
SHA-1: 01141de44260e3e0ab5ffe41a118f20c203f1119
MD5: a96b649dc05be0912b3a03a8891b2bfb
CRC-32: d728ec5b
File type: Windows executable
First seen: 2012-02-23

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\steal.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Startup Name
    c:\Documents and Settings\test user\Application Data\steal.exe
