Troj/Inject-ABD

Category: Viruses and Spyware
Protection available since: 11 Dec 2012 14:51:54 (GMT)
Type: Trojan
Last Updated: 11 Dec 2012 14:51:54 (GMT)
Prevalence: Small Number of Reports

Troj/Inject-ABD exhibits the following characteristics:

File Information

Size: 344K
SHA-1: c1204c1dfd41ffa29db60345a5da30a53f635191
MD5: e3b5e83f4e7ccac5c60368ec46255f00
CRC-32: 9c7f8fea
File type: Windows executable
First seen: 2012-12-02

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • F:/sample.exe
  • c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\2012
    Size: 32
    SHA-1: f8d91c44235eb9bd6a99f693733a9d68fcf274ba
    MD5: 52a447eb64bd8bc1c16d10b87b2df688
    CRC-32: 93c31e8b
    File type: Data Log File (generic)
    First seen: 2012-12-07
  • F:/Autorun.ini
    Size: 28
    SHA-1: 1d6e848669f04e6aba25e60276e3bebd4a87238e
    MD5: ce886cb8e7d70a3272703d782f525212
    CRC-32: 944186af
    File type: Configuration Data File (generic)
    First seen: 2010-08-16
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    java
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    java
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    4VW3LXAJK6
    December 7, 2012
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    java
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    4VW3LXAJK6
    28/09/2012
  • HKCU\Software\Microsoft\Active Setup\Installed Components\{1DDBA29E-A8AF-35CF-DE19-391CD9BBEEBE}
    StubPath
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe:*:Enabled:Windows Messanger
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1DDBA29E-A8AF-35CF-DE19-391CD9BBEEBE}
    StubPath
    c:\Documents and Settings\test user\Application Data\BRTXEJJTWR4.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1imthedreamer.no-ip.org
  • 2imthedreamer.no-ip.org
  • 3imthedreamer.no-ip.org
  • 4imthedreamer.no-ip.org
  • imthedreamer.no-ip.org
