Troj/DwnLdr-KNW

Category: Viruses and Spyware
Protection available since: 24 Jan 2013 23:57:39 (GMT)
Type: Trojan
Last Updated: 24 Jan 2013 23:57:39 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/DwnLdr-KNW include:

Example 1

File Information

Size: 61K
SHA-1: 8d427515a9106318afb133631b78bbe46728c43a
MD5: 22b4da85e17ee47b876d08f282dba1a6
CRC-32: 336a8641
File type: Windows executable
First seen: 2011-09-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\dqhbchpo.exe
Dropped Files
  • C:\sample.txt
    Size: 175
    SHA-1: af9e3e882d554b5d75d9ce11d6bb56b14f647997
    MD5: 6df96747865541d31b550ecb76b0f76b
    CRC-32: c025c59a
    File type: Unspecified binary - probably data
    First seen: 2012-12-31
Processes Created
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\svchost.exe
IP Connections

Example 2

File Information

Size: 106K
SHA-1: ee338ef28ce8c2c791664d497a1a804f8c7b13ac
MD5: c54e87c7d618bff8be2a2a5b376cd7a5
CRC-32: a3183cdd
File type: Windows executable
First seen: 2013-01-24
