Troj/Karag-Q

Category: Viruses and Spyware
Protection available since: 14 Nov 2012 20:30:09 (GMT)
Type: Trojan
Last Updated: 14 Nov 2012 20:30:09 (GMT)
Prevalence: Small Number of Reports

Troj/Karag-Q exhibits the following characteristics:

File Information

Size: 134K
SHA-1: 5ee0d8c03188cdbb0bafddd216f5a0fc9ced93a1
MD5: d5d034945a89c76d9c94742dcd1b2480
CRC-32: 1e1c0f3c
File type: Windows executable
First seen: 2012-11-14

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Task Scheduler\Task Scheduler.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#get-locked.info\settings.sol
    Size: 56
    SHA-1: e8e182dd9908aa9390895ea3d61f1c6847cd6c24
    MD5: 06d353b92678bb534c15082820056860
    CRC-32: 5d7f2cd5
    File type: Unspecified binary - probably data
    First seen: 2012-11-14
  • c:\Documents and Settings\test user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
    Size: 184
    SHA-1: 715e7b21d7707e7b1e68e46e13fa1062ef620056
    MD5: fb0a9544bed8fdf0262443180538f199
    CRC-32: 8031da3c
    File type: Unspecified binary - probably data
    First seen: 2012-11-14
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Task Scheduler.lnk
    Size: 695
    SHA-1: 3325f04a64e6ae0b5631d70a5839c705cf92e8d5
    MD5: 08c60694cf87edc2ff35d0e29c724965
    CRC-32: 4b49eaba
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-09-11
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Task Scheduler
    "c:\Documents and Settings\test user\Application Data\Task Scheduler\Task Scheduler.exe"
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    "c:\Documents and Settings\test user\Application Data\Task Scheduler\Task Scheduler.exe"
    DisableNXShowUI
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
    "c:\Documents and Settings\test user\Application Data\Task Scheduler\Task Scheduler.exe"
    DisableNXShowUI
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Task Scheduler
    "c:\Documents and Settings\test user\Application Data\Task Scheduler\Task Scheduler.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012111420121115
    CacheRepair
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideIcons
    0x00000001
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    Task Scheduler.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Processes Created
  • c:\Documents and Settings\test user\application data\task scheduler\task scheduler.exe
  • c:\windows\system32\ipconfig.exe
HTTP Requests
  • http://get-locked.info/usa/bg_USA.jpg
  • http://get-locked.info/usa/fresh_buttons/buttons.css
  • http://get-locked.info/usa/index.php
  • http://get-locked.info/usa/jquery-ui.css
  • http://get-locked.info/usa/jquerywebcamhelper.swf
  • http://get-locked.info/usa/js/jquery-ui.js
  • http://get-locked.info/usa/js/jquery.flash.js
  • http://get-locked.info/usa/js/jquery.min.js
  • http://get-locked.info/usa/js/jquery.webcam.js
  • http://get-locked.info/usa/js/keyboard.js
DNS Requests
  • get-locked.info
