Troj/EyeStye-M

Category: Viruses and Spyware
Protection available since: 30 Nov 2012 16:54:47 (GMT)
Type: Trojan
Last Updated: 30 Nov 2012 16:54:47 (GMT)
Prevalence: Small Number of Reports

Troj/EyeStye-M exhibits the following characteristics:

File Information

Size: 196K
SHA-1: f8a82cb251b4c2fa7dc122bb904deb631ae628ba
MD5: 48af07650f386844d1a41782b32a74af
CRC-32: 39f857c9
File type: Windows executable
First seen: 2011-09-21

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Recovery
    ClearBrowsingHistoryOnExit
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft Windows
    00000056655C5082
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnIntranet
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKEY_USERS\S-1-5-18\Software\Microsoft Windows
    00000056655C5082
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownServiceDownBalloon
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
Processes Created
  • c:\svchost\3d1a3642448.exe
IP Connections
  • 91.220.35.226:8888
DNS Requests
  • google-adsense-n1.com
