Troj/Kryptik-BB

Category: Viruses and Spyware
Protection available since: 23 Jul 2013 14:09:53 (GMT)
Type: Trojan
Last Updated: 23 Jul 2013 14:09:53 (GMT)
Prevalence: Small Number of Reports

Troj/Kryptik-BB exhibits the following characteristics:

File Information

Size: 113K
SHA-1: c69c7cbc88e9c8ab855ad06d33e61a2ea4fd0d09
MD5: c3059db70697af10b89cb765696c58e1
CRC-32: 2a98854e
File type: Windows executable
First seen: 2013-07-23

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\27ljm.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\27ljm.dat
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\mjl72.js
    Size: 3.2K
    SHA-1: db11fecddd48656e59a7d38351cd9088fcec3d5d
    MD5: f74b977537ff96a16dec1a3d3c1870ae
    CRC-32: 0056ca96
    File type: JavaScript
    First seen: 2013-07-23
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\regmonstd.lnk
    Size: 802
    SHA-1: c655a0cf226b567d6448311b8ca9a89e56cf0834
    MD5: 42ca0026a4b898700ed6c3393dc2ef7a
    CRC-32: fc175409
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-07-23
  • c:\Documents and Settings\test user\Local Settings\Temp\mjl72.pad
    Size: 91M
    SHA-1: 705f3977eb19a4d268852b973554b7775c7a903e
    MD5: 0fb0535950e5e411fa6b819e83792562
    CRC-32: 81ccdced
    File type: Unspecified binary - probably data
    First seen: 2013-07-23
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner: 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500: 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609: 0x00000000
Processes Created
  • c:\windows\system32\rundll32.exe
IP Connections
  • 37.139.53.169:80
  • 37.139.53.199:443
  • 37.139.53.199:80
