Troj/DwnLdr-KNN

Category: Viruses and Spyware
Type: Trojan
Protection available since: 23 Jan 2013 23:52:41 (GMT)
Last Updated: 23 Jan 2013 23:52:41 (GMT)
Prevalence: Small Number of Reports


Troj/DwnLdr-KNN exhibits the following characteristics:

File Information

Size: 104K
SHA-1: c6542a0ef49e51db67ad42df04db13930062d809
MD5: 01abe0dc85494cc8e0471c011cdd4bf9
CRC-32: 7c9206a5
File type: Windows executable
First seen: 2012-11-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Google Update.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\klGa
    Size: 32
    SHA-1: 906146798fe783a26cf489819f8915fd31efaba7
    MD5: c53ffbf38dac46da3de82e24ea69ae80
    CRC-32: 5a534b79
    File type: Data Log File (generic)
    First seen: 2012-11-19
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp4.tmp
    Size: 389K
    SHA-1: 3a0795027fc8bdf364d7840a11ac79b8bd4da7fe
    MD5: ec4f19300d8db033b5cee18634f982da
    CRC-32: bad71752
    File type: Windows executable
    First seen: 2012-11-19
  • c:\Documents and Settings\test user\Application Data\ns.exe
    Size: 389K
    SHA-1: 3a0795027fc8bdf364d7840a11ac79b8bd4da7fe
    MD5: ec4f19300d8db033b5cee18634f982da
    CRC-32: bad71752
    File type: Windows executable
    First seen: 2012-11-19
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp2.tmp
    Size: 25K
    SHA-1: 946f52aa4da2baad507c94eeffcdfd6340436067
    MD5: e6692929636b9ee82821d1c526072a76
    CRC-32: 51c224af
    File type: Icon for 32-bit Windows
    First seen: 2010-08-18
  • c:\Documents and Settings\test user\Application Data\gagi.exe
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    Value name: 23W2EYIKYX
    Data: November 19, 2012
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    Value name: c:\Documents and Settings\test user\Application Data\gagi.exe
    Data: c:\Documents and Settings\test user\Application Data\gagi.exe:*:Enabled:Windows Messanger
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    Value name: 23W2EYIKYX
    Data: Gagi
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: Run32
    Data: "c:\Documents and Settings\test user\Application Data\ns.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value name: Google Update
    Data: c:\Documents and Settings\test user\Application Data\Google Update.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    Value name: DoNotAllowExceptions
    Data: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\google update.exe
  • c:\Documents and Settings\test user\local settings\temp\tmp4.tmp
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://dl.dropbox.com/u/50328613/Servers/nem-s.txt
  • http://dl.dropbox.com/u/50328613/share/new2/pe.txt
  • http://supertennis.tk/tenis.exe
DNS Requests
  • 1n00bs.no-ip.biz
  • 2n00bs.no-ip.biz
  • 3n00bs.no-ip.biz
  • 4n00bs.no-ip.biz
  • 5n00bs.no-ip.biz
  • dl.dropbox.com
  • n00bs.no-ip.biz
  • supertennis.tk
