Troj/DwnLdr-KTV

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 26 Apr 2013 15:26:05 (GMT)
Last Updated: 26 Apr 2013 15:26:05 (GMT)


Troj/DwnLdr-KTV exhibits the following characteristics:

File Information

Size: 910K
SHA-1: 02445acf385968739df11f15ecf100b19c8cf7ea
MD5: 2ea73c6311de96edc337bcbfc91e8254
CRC-32: 92252e89
File type: Windows executable
First seen: 2013-04-21

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Efeq\alym.lew
    Size: 477
    SHA-1: 75fdbc067b37ab0a0fdd4315152591bbc7082cad
    MD5: 3661761421c2d68266509e0dac9b1eac
    CRC-32: c1d5cddf
    File type: Unspecified binary - probably data
    First seen: 2013-04-26
  • c:\Documents and Settings\test user\Application Data\Qougmi\kohoc.exe
    Size: 910K
    SHA-1: 5d56b0402790c77eeb4ecb707c2a038179fdc1d7
    MD5: efa90d1b2a1795a37eb0b80e401f0d6c
    CRC-32: dcc9045f
    File type: Windows executable
    First seen: 2013-04-26
  • c:\Documents and Settings\test user\Application Data\Efeq\alym.tmp
    Size: 563
    SHA-1: e52034a6a9ba4306480549693e3e2da20e3812ed
    MD5: 72f7bc142df18f4ee4a4b890376b61d5
    CRC-32: 66c831c6
    File type: Unspecified binary - probably data
    First seen: 2013-04-26
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Yteciz
    Ycdyhoow: (unprintable binary data)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies: 0x00000000
  • HKCU\Identities
    Identity Login: 0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}: "c:\Documents and Settings\test user\Application Data\Qougmi\kohoc.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp: 12 45 86 22 7a 42 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609: 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count: 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\qougmi\kohoc.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://lugosi.us/sun/cfg.bin
DNS Requests
  • lugosi.us
