Troj/HkMain-U

Category: Viruses and Spyware
Protection available since: 11 Apr 2014 21:25:11 (GMT)
Type: Trojan
Last Updated: 11 Apr 2014 21:25:11 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/HkMain-U include:

Example 1

File Information

Size: 94K
SHA-1: 001dba687b86ca4b2e4d09580965dad1b73f0c7a
MD5: 89bc307b092b2784f242f81f00a28a18
CRC-32: 21eb977c
File type: Windows executable
First seen: 2007-09-10

Runtime Analysis

Registry Keys Created
  • HKCR\SdiMul.Document\shell\open\command
    (Default)
    c:\test_item.exe "%1"
  • HKCR\.mul
    (Default)
    SdiMul.Document
  • HKCU\Software\NVIDIA Corporation\Global\nvUpdSrv
    GUID
    eba552ab-6dfa-43d4-82b9-f255265ea5dc
  • HKCR\SdiMul.Document\shell\printto\command
    (Default)
    c:\test_item.exe /pt "%1" "%2" "%3" "%4"
  • HKCR\SdiMul.Document\DefaultIcon
    (Default)
    c:\test_item.exe,0
  • HKCR\.mul\ShellNew
    NullFile
  • HKCR\SdiMul.Document
    (Default)
    SdiMul Document
  • HKCR\SdiMul.Document\shell\print\command
    (Default)
    c:\test_item.exe /p "%1"
IP Connections

Example 2

File Information

Size: 229K
SHA-1: 0081c7e2776970b0bd04eebb7c3d5bc77e653091
MD5: bb69ca15c09903f6f574347f865bf00f
CRC-32: 4065cb44
File type: Windows executable
First seen: 2007-09-10

Example 3

File Information

Size: 105K
SHA-1: 03034a2b05b2f78202cde2cf70857f9e337b9353
MD5: b33872d36f4979c45ec9685eaa23388c
CRC-32: c1e7ca4a
File type: Windows executable
First seen: 2014-03-29

Runtime Analysis

Registry Keys Created
  • HKCR\.mul\ShellNew
    NullFile
  • HKCR\.mul
    (Default)
    SdiMul.Document
  • HKCU\Software\Dmnrafozwi
    License
    0x0000d594
  • HKCR\SdiMul.Document
    (Default)
    SdiMul Document
  • HKCR\SdiMul.Document\shell\print\command
    (Default)
    c:\test_item.exe /p "%1"
  • HKCR\SdiMul.Document\shell\open\command
    (Default)
    c:\test_item.exe "%1"
  • HKCR\SdiMul.Document\shell\printto\command
    (Default)
    c:\test_item.exe /pt "%1" "%2" "%3" "%4"
  • HKLM\SOFTWARE\Dmnrafozwi
    License
    0x0000d594
  • HKCR\SdiMul.Document\DefaultIcon
    (Default)
    c:\test_item.exe,0
HTTP Requests
  • http://consylt-pro.com/b/shoe/54676
  • http://ht-regito.com/libs2/jquery/
DNS Requests
  • consylt-pro.com
  • ht-regito.com
