Troj/Kovter-C

Category: Viruses and Spyware
Protection available since: 25 Sep 2013 19:56:07 (GMT)
Type: Trojan
Last Updated: 25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Kovter-C include:

Example 1

File Information

Size: 87K
SHA-1: 76d0c1a274eeed1cc5d01f31efa117da993db5a6
MD5: 411d1b7cca5c90e24e81fcac1bef9d43
CRC-32: 6318de93
File type: Windows executable
First seen: 2013-09-25

Other vendor detection

Avira: TR/Kovter.A.27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    KB7835047
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB7835047
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe"
  • HKCU\Software\84AC59B0
    2
    1
  • HKCU\Software\Microsoft\Internet Explorer\Main
    UseThemes
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    .Default
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    KB7835047
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe"
  • HKLM\SOFTWARE\84AC59B0
    2
    1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    KB7835047
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe, "c:\Documents and Settings\test user\Local Settings\Application Data\KB7835047\KB7835047.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2300
    0x00000000
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • xvertigo2.biz
  • xvertigo2.org

Example 2

File Information

Size: 87K
SHA-1: 933612d7a132d9cd0f8fadc7aaa723cd1087e666
MD5: 22ac52d671b0ee48b7c371a3eb220b8a
CRC-32: 96994fa8
File type: Windows executable
First seen: 2011-09-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    KB3153242
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    KB3153242
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe"
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    .Default
    0x00000001
  • HKCU\Software\Microsoft\Internet Explorer\Main
    UseThemes
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    KB3153242
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe"
  • HKLM\SOFTWARE\84AC59B0
    2
    1
  • HKCU\Software\84AC59B0
    2
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB3153242
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe, "c:\Documents and Settings\test user\Local Settings\Application Data\KB3153242\KB3153242.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2300
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • xvertigo2.biz
  • xvertigo2.org

Example 3

File Information

Size: 87K
SHA-1: daedc8553b0d81c2b9f52e25a2f4327ed8445c29
MD5: 1c821952547eb61fcb973e564abeb0a2
CRC-32: 235ec87b
File type: Windows executable
First seen: 2007-08-20

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
    .Default
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    KB5442097
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Main
    UseThemes
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    KB5442097
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\84AC59B0
    2
    1
  • HKLM\SOFTWARE\84AC59B0
    2
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    KB5442097
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB5442097
    "c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2300
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe, "c:\Documents and Settings\test user\Local Settings\Application Data\KB5442097\KB5442097.exe"
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • xvertigo2.biz
