Troj/Inject-ARH

Category: Viruses and Spyware
Protection available since: 20 Nov 2013 23:33:51 (GMT)
Type: Trojan
Last Updated: 03 Dec 2013 01:11:06 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Inject-ARH include:

Example 1

File Information

Size: 2.4M
SHA-1: 8a1b26c1ccf0beb3e74634de0d9b13327712f768
MD5: 2a65f8d2f243a76e56eab7956b9a9b06
CRC-32: 72af3f72
File type: Windows executable
First seen: 2013-11-20

Other vendor detection

Avira: TR/Crypt.XPACK.Gen2

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\rlhywqed.rlh
    Size: 167K
    SHA-1: 6d989611978ea6e0a5e08beb42d89f1cefbb7446
    MD5: ae7a869e57a747abbbe36d69b284e595
    CRC-32: 5f52a746
    File type: Unspecified binary - probably data
    First seen: 2013-11-20
  • C:\Documents and Settings\All Users\Application Data\{B90B5256-142C-5A1E-C980-38A04633123D}\NPServiceApp.dll
    Size: 1.8M
    SHA-1: 29a0e1a686c9960517749410e0a70c0d63df1f40
    MD5: a1e18611ce4b76b69aafb4c713b4d72c
    CRC-32: d7f02d41
    File type: Windows executable
    First seen: 2013-11-20
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Handlers: C:\WINDOWS\System32\RunDll32.exe shell32.dll,SHCreateLocalServerRunDll {E720A70C-0C54-1148-1E21-AF6C97887BB8} -Embedding
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\{B90B5~1\NPSERV~1.DLL
Processes Created
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://198.50.216.201/img/icon.gif
IP Connections
  • 198.50.216.200:80
  • 198.50.216.201:80
  • 198.50.216.204:80

Example 2

File Information

Size: 1.8M
SHA-1: 29a0e1a686c9960517749410e0a70c0d63df1f40
MD5: a1e18611ce4b76b69aafb4c713b4d72c
CRC-32: d7f02d41
File type: Windows executable
First seen: 2013-11-20

Example 3

File Information

Size: 1.8M
SHA-1: 29a6ab58881d186951ccf9cea265059f79a61b0e
MD5: ea0cfcb02c7b0afe729ad10ec55c3f5d
CRC-32: 8b810a1f
File type: Windows executable
First seen: 2007-08-25
