Troj/HkMain-K

Category: Viruses and Spyware
Protection available since: 13 Dec 2013 06:52:32 (GMT)
Type: Trojan
Last Updated: 13 Dec 2013 06:52:32 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/HkMain-K include:

Example 1

File Information

Size: 140K
SHA-1: 15a790598e7fd7f6c1ee45dbb21f3cf163091a9d
MD5: a3f628d5ece215a311ee878838e4974d
CRC-32: ac5156a1
File type: Windows executable
First seen: 2013-12-10

Runtime Analysis

Registry Keys Created
  • HKCR\Cad.Document\DefaultIcon
    (Default)
    c:\test_item.exe,0
  • HKCR\Cad.Document\shell\printto\command
    (Default)
    c:\test_item.exe /pt "%1" "%2" "%3" "%4"
  • HKCR\Cad.Document
    (Default)
    Cad Document
  • HKCR\Cad.Document\shell\print\command
    (Default)
    c:\test_item.exe /p "%1"
  • HKCU\Software\Dmnrafozwi
    License
    0x000001c8
  • HKCR\.dat
    (Default)
    Cad.Document
  • HKCR\.dat\ShellNew
    NullFile
  • HKCR\Cad.Document\shell\open\command
    (Default)
    c:\test_item.exe "%1"
  • HKLM\SOFTWARE\Dmnrafozwi
    License
    0x000001c8
HTTP Requests
  • http://dns-rabbit.com/ajax3.17/script/
  • http://net-forwarding.com/b/shoe/456
  • http://networksecurityx.hopto.org/
DNS Requests
  • dns-rabbit.com
  • net-forwarding.com
  • networksecurityx.hopto.org

Example 2

File Information

Size: 80K
SHA-1: aadf3f319795937d895257e8e8280d6dcdb2385d
MD5: 9741d2aa6cf35ac6151f255c3f9963f8
CRC-32: 615ee47c
File type: Windows executable
First seen: 2013-12-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\st1m.bat
    Size: 115
    SHA-1: f3dd90ea9c87070e0c08c9a03af2f29e7bc3f5df
    MD5: 00e194cd7e9c0c727205d1ea04db803a
    CRC-32: deb15b36
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-10-12
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://networksecurityx.hopto.org/
DNS Requests
  • networksecurityx.hopto.org

Example 3

File Information

Size: 80K
SHA-1: c33ee9e4d02d7b6de0ae77914720ef0626cccc6a
MD5: 28cdefc25f2e961ed0d4af454d098e0b
CRC-32: 30c694cc
File type: Windows executable
First seen: 2013-12-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\st1m.bat
    Size: 115
    SHA-1: f3dd90ea9c87070e0c08c9a03af2f29e7bc3f5df
    MD5: 00e194cd7e9c0c727205d1ea04db803a
    CRC-32: deb15b36
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-10-12
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://networksecurityx.hopto.org/
DNS Requests
  • networksecurityx.hopto.org
