Troj/Inject-ABD

Category:	Viruses and Spyware	Protection available since:	11 Dec 2012 14:51:54 (GMT)
Type:	Trojan	Last Updated:	11 Dec 2012 14:51:54 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Inject-ABD exhibits the following characteristics:

File Information

Size: 344K
SHA-1: c1204c1dfd41ffa29db60345a5da30a53f635191
MD5: e3b5e83f4e7ccac5c60368ec46255f00
CRC-32: 9c7f8fea
File type: Windows executable
First seen: 2012-12-02

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To

F:/sample.exe
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe

Dropped Files

c:\Documents and Settings\test user\Application Data\2012
Size
32
SHA-1
f8d91c44235eb9bd6a99f693733a9d68fcf274ba
MD5
52a447eb64bd8bc1c16d10b87b2df688
CRC-32
93c31e8b
File type
Data Log File (generic)
First seen
2012-12-07
F:/Autorun.ini
Size
28
SHA-1
1d6e848669f04e6aba25e60276e3bebd4a87238e
MD5
ce886cb8e7d70a3272703d782f525212
CRC-32
944186af
File type
Configuration Data File (generic)
First seen
2010-08-16

Registry Keys Created

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
java
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
java
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
4VW3LXAJK6
December 7, 2012
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
java
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
HKCU\Software\VB and VBA Program Settings\SrvID\ID
4VW3LXAJK6
28/09/2012
HKCU\Software\Microsoft\Active Setup\Installed Components\{1DDBA29E-A8AF-35CF-DE19-391CD9BBEEBE}
StubPath
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe:*:Enabled:Windows Messanger
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1DDBA29E-A8AF-35CF-DE19-391CD9BBEEBE}
StubPath
c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe

Registry Keys Modified

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DoNotAllowExceptions
0x00000000

Processes Created

c:\windows\system32\cmd.exe
c:\windows\system32\reg.exe

DNS Requests

1imthedreamer.no-ip.org
2imthedreamer.no-ip.org
3imthedreamer.no-ip.org
4imthedreamer.no-ip.org
imthedreamer.no-ip.org

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Inject-ABD

File Information

Other vendor detection

Runtime Analysis

Copies Itself To

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

DNS Requests

Free Mac Anti-Virus

Popular topics