Troj/Injecto-BQ exhibits the following characteristics:
File Information
- Size: 250K
- SHA-1: 5c4d3f19c80cd22a90f3796c0a55b089fb3ad85d
- MD5: a8330babdaac01b4994af5107796d006
- CRC-32: 5b75229a
- File type: Windows executable
- First seen: 2012-12-11
Other vendor detection
- Trend: PAK_Generic.012
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
  - Size: 740
  - SHA-1: 31e589498a7d9aac15940051e949987db52db9f0
  - MD5: f9e883195b8b36735c41acfbfb7007ed
  - CRC-32: 6e71c29b
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-11
- C:\Documents and Settings\All Users\Application Data\elpmas.pad
  - Size: 91M
  - SHA-1: a4ab98c5c9e49eace19128225afd9429c60d84dc
  - MD5: d09f2aec5ca9255672db52cdeac81506
  - CRC-32: e6f82e60
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-11
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\Main
  - NoProtectedModeBanner: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500: 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
IP Connections
- 146.185.255.219:443
- 66.197.250.229:443
DNS Requests