Troj/EncPk-AH

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 05 Mar 2014 00:52:56 (GMT)
Last Updated: 05 Mar 2014 00:52:56 (GMT)


Examples of Troj/EncPk-AH include:

Example 1

File Information
  Size: 322K
  SHA-1: eb290982e5ad5d56beaeab0a8106f6695e55c8d4
  MD5: 89dc712584fa0f871dc5066cfc162e1f
  CRC-32: a9d76fe7
  File type: Windows executable
  First seen: 2014-03-04

Example 2

File Information
  Size: 322K
  SHA-1: 160fc14ff9e72ea6b28a6335de2a04a0932c04e2
  MD5: 862603d0518e85c9744a2f670599b140
  CRC-32: 090f83df
  File type: Windows executable
  First seen: 2014-03-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\MicrosoftStart.exe
    Size: 322K
    SHA-1: 0dd06a0950bc31d4657e57e35b87bfabf0ae08c1
    MD5: 3f4cabf6e782bdca36874e7252496bbf
    CRC-32: a4483227
    File type: Windows executable
    First seen: 2014-03-04
  • c:\Documents and Settings\test user\Application Data\Microsoft\Kaobu
    Size: 1.4K
    SHA-1: 2a58fcf9764852a12681eed2493538c3c95d89a3
    MD5: 89517ca6465ac4eeadcec41cef0a48b5
    CRC-32: e43eaaf4
    File type: Unspecified binary - probably data
    First seen: 2014-03-04
  • c:\Documents and Settings\test user\Application Data\Adobe\UseAdobe.exe
    Size: 322K
    SHA-1: eb290982e5ad5d56beaeab0a8106f6695e55c8d4
    MD5: 89dc712584fa0f871dc5066cfc162e1f
    CRC-32: a9d76fe7
    File type: Windows executable
    First seen: 2014-03-04
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\UseAdobe
    fWdc]\[r: (binary value, not printable; contents not reproduced here)
  • HKCU\Identities
    Identity Login: 0x00098053
  • HKCU\Software\Microsoft\MicrosoftStart
    Yxpyudujhaujdapaosugogahkezyydziazirxunyxetau: (binary value, not printable; contents not reproduced here)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {E93F8E10-3350-68DA-BB59-A4C3DF1EE312}: "c:\Documents and Settings\test user\Application Data\Microsoft\MicrosoftStart.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1A10: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1A10: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp: 42 db 70 0b e0 37 cf 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count: 0x00000009
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609: 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\adobe\useadobe.exe
  • c:\docume~1\support\locals~1\temp\tmp3fcc5374.exe
  • c:\docume~1\support\locals~1\temp\tmp9c4dbbc5.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • latarauisdaer.in
  • www.google.bg
  • www.google.com
