Troj/Kazy-BR

Category: Viruses and Spyware
Protection available since: 25 Sep 2013 19:56:07 (GMT)
Type: Trojan
Last Updated: 25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports

Troj/Kazy-BR exhibits the following characteristics:

File Information

Size: 513K
SHA-1: c0428f3d4e6a66362f252352ec61d8b2751e3677
MD5: bb00135ff964a07ca7a90354ed2afca7
CRC-32: 591caeb3
File type: Windows executable
First seen: 2013-09-23

Other vendor detection

Avira: TR/Kazy.252973

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\r58Ies.tmp
    Size: 19
    SHA-1: ae78b1a84a7ad41cd73855a960f5f984c1baa10f
    MD5: 818b4df9ce38ac0a64e735911ace9110
    CRC-32: 95b4ac0c
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-08-14
  • c:\Documents and Settings\test user\Application Data\support.txt
    Size: 236
    SHA-1: 00aff158193875b583b98d909f3dab6451be3dd9
    MD5: 8ca13645a68d8696ad5f94f9bad10a44
    CRC-32: bb058aaf
    File type: Base64 encoded
    First seen: 2013-09-25
Registry Keys Created
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled: 1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Shell: c:\Documents and Settings\test user\Application Data\test_item.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://freegeoip.net/json/
DNS Requests
  • ayool3.no-ip.org
  • freegeoip.net
