What We Do
- Your Needs
  Security Goals
  INDUSTRIES & SECTORS
  COMPANY SIZE
  PRODUCT FEATURES
  CASE STUDIES
  - Education
  - Financial
  - Government
  - Healthcare
  - Technology
  - Other
- Why Sophos
  Company Overview
  Our People
  INNOVATIVE TECHNOLOGY
  ALERT SERVICES
- Products
  Product Features
  Product Families
  - Unified (formerly Astaro)
  - Endpoint
  - Network
  - Encryption
  - Web
  - Email
  - Mobile
  Complete Security
  - All-in-One Security Suites
  PRODUCTS BY NAME
  - Products A-Z
  Free Tools
  Next Steps
  RESOURCES
Getting Answers
- Support
  FIND AN ANSWER
  Support by Product
  - > View all
  Maintain your Product
  Hire an Expert
  WHAT'S POPULAR
- Threat Center
  THREAT ANALYSIS
  THREAT STATISTICS
  WHAT'S POPULAR
  Threat Definitions
  - A-Z of Threats
  THREAT MONITORING
What's Happening
- Security News/Trends
  SECURITY HUBS
  LIBRARY
  Whats Popular
  WHAT'S NEW
  Community
  - Naked Security
  - Connect with Us
  IT SECURITY TRAINING
  ANATOMY OF AN ATTACK
- Partners
  RESELLER PARTNERS
  - Overview
  - Why Partner with Sophos?
  Managed Service Providers
  - Overview
  SYSTEM INTEGRATORS
  - Overview
  OEM and Technology
  WHAT'S POPULAR

Troj/MSIL-AX

Category:	Viruses and Spyware	Protection available since:	22 Jan 2013 07:23:11 (GMT)
Type:	Trojan	Last Updated:	23 Jan 2013 10:27:59 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/MSIL-AX include:

Example 1

File Information

Size: 624K
SHA-1: d2739ff3e76e5f0b157faa3559bee64249c9027c
MD5: 3fa1e25a84ec324a86b30d6f44cc8f3d
CRC-32: 44a851e4
File type: Windows executable
First seen: 2013-01-22

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\panmap.exe

Dropped Files

c:\Documents and Settings\test user\Templates\CertPolEng.exe

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Certificate Policy Engine
c:\Documents and Settings\test user\Templates\CertPolEng.exe
HKCU\Software\DC3_FEXEC
22/01/2013 at 03:19:12
{8683e91a-044e-11df-871e-806d6172696f-1612674719}

Processes Created

c:\Documents and Settings\test user\local settings\temp\panmap.exe
c:\Documents and Settings\test user\templates\certpoleng.exe
c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe

DNS Requests

maxliberty02.zapto.org

Example 2

File Information

Size: 503K
SHA-1: 99a5daa7876eea392f35fc46180e0d5e899aa74b
MD5: 98c92224da7744d2d71cef9dcc90e386
CRC-32: f99f5261
File type: RAR compressed archive
First seen: 2013-01-22

Example 3

File Information

Size: 475K
SHA-1: a7a87bcfb968cf190807f77ad6b6f5586cc0bfd4
MD5: 2f5b30ee9f430a3e444f91b93b448a81
CRC-32: 6120fa2c
File type: Windows executable
First seen: 2013-01-23

Runtime Analysis

Copies Itself To

c:\Documents and Settings\test user\Local Settings\Temp\panmap.exe
c:\Documents and Settings\test user\Templates\explorer.exe

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\support8
c:\Documents and Settings\test user\Application Data\601F769F\ak.tmp
Size
31
SHA-1
c28e1f12aa19cb840841e1ca9cad543f98cfc2cf
MD5
ba29d7401798f0513a55993f520d2eb9
CRC-32
f65671c1
File type
ASCII text / 8-bit Unicode Transformation Format
First seen
2012-04-03
c:\Documents and Settings\test user\Templates\CertPolEng.exe

Registry Keys Created

HKCU\Software\remote
NewGroup
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Certificate Policy Engine
c:\Documents and Settings\test user\Templates\CertPolEng.exe

Processes Created

c:\Documents and Settings\test user\local settings\temp\panmap.exe
c:\Documents and Settings\test user\templates\certpoleng.exe
c:\Documents and Settings\test user\templates\explorer.exe
c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe

DNS Requests

efea8ed2.zapto.org

Try Sophos products for free
Download now