Troj/Luder-E

Category: Viruses and Spyware
Protection available since: 06 May 2013 03:51:38 (GMT)
Type: Trojan
Last Updated: 06 May 2013 03:51:38 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Luder-E include:

Example 1

File Information

Size
249K
SHA-1
9ea7b580c2c23e291142d828ba611d60e76c8041
MD5
d67ef9808230a3c8156efa06ede984dc
CRC-32
22cf6d91
File type
Windows executable
First seen
2013-05-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Riidx\voyf.bul
    Size
    3.8K
    SHA-1
    9a72cb53bfb6f6a06ac72d45c0e0b29ffc1cb5ae
    MD5
    e6579a23942726bd96c01707c633a811
    CRC-32
    37f0ecb8
    File type
    Unspecified binary - probably data
    First seen
    2013-05-05
  • c:\Documents and Settings\test user\Application Data\Keymqa\iqvi.exe
    Size
    249K
    SHA-1
    e992b4d96a4267ca17d3c0dcf79fe8541f1bb269
    MD5
    5ff9cf7120496b348eb6e439ea96f2cc
    CRC-32
    edf3488c
    File type
    Windows executable
    First seen
    2013-05-05
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Olyfdaid
    "c:\Documents and Settings\test user\Application Data\Keymqa\iqvi.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Okxu
    Awsoysyq
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    b0 7d f8 59 a2 49 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\keymqa\iqvi.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • d71b28d222eb1f01.com

Example 2

File Information

Size
172K
SHA-1
7fb280348ed1b1a7955a334b2a870e92ee9c9b31
MD5
0c8f16bc36f7046b56d16dbf2486841e
CRC-32
bbe2951a
File type
Windows executable
First seen
2013-05-05

Example 3

File Information

Size
52K
SHA-1
1684ae9e3354212f9653907a4b65f4c0fd2a8035
MD5
0a5a0d552a82345f46fa8ed62a884e93
CRC-32
5cebbafc
File type
Windows executable
First seen
2013-05-04
