Troj/MSIL-BK

Category: Viruses and Spyware
Protection available since: 27 Feb 2013 23:35:01 (GMT)
Type: Trojan
Last Updated: 27 Feb 2013 23:35:01 (GMT)
Prevalence: Small Number of Reports


Troj/MSIL-BK exhibits the following characteristics:

File Information

Size: 604K
SHA-1: c56f6172e5b98f126768afebb731a08e8ad09252
MD5: 5d02c4850ceaef0be443f0a3b11c8c06
CRC-32: 13a68f2b
File type: Windows executable
First seen: 2012-11-03

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\FacbookUpdate.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AppLaunch\cvswindows.exe.exe
  • c:\Documents and Settings\test user\Application Data\slave
    Size: 34
    SHA-1: 2efd200c1b2ce5b392ff4077a37bf95f116c43c1
    MD5: 5816515f106460e49d4744ae4751c106
    CRC-32: c2afcfcc
    File type: Data Log File (generic)
    First seen: 2012-11-03
  • F:/Autorun.ini
    Size: 36
    SHA-1: c64591a7ca18a829fde89f119c184114e776f11b
    MD5: a6355858d5802b80dc9c3ea43c1756ba
    CRC-32: d215b02a
    File type: Configuration Data File (generic)
    First seen: 2012-11-03
  • F:/cvswindows.exe.exe
  • c:\Documents and Settings\test user\Application Data\server34423.exe
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    7IGAF2BIIK
    JPFX
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Defender
    c:\Documents and Settings\test user\Application Data\server34423.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Defender
    c:\Documents and Settings\test user\Application Data\server34423.exe
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    7IGAF2BIIK
    November 3, 2012
  • HKCU\Software\Microsoft\Active Setup\Installed Components\{BC22BFBE-FE6E-ABBB-CEFD-FCF833DE12A6}
    StubPath
    c:\Documents and Settings\test user\Application Data\server34423.exe
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{BC22BFBE-FE6E-ABBB-CEFD-FCF833DE12A6}
    StubPath
    c:\Documents and Settings\test user\Application Data\server34423.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\server34423.exe
    c:\Documents and Settings\test user\Application Data\server34423.exe:*:Enabled:Windows Messanger
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Windows Defender
    c:\Documents and Settings\test user\Application Data\server34423.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\applaunch\cvswindows.exe.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1dragonpk.zapto.org
  • 2dragonpk.zapto.org
  • 3dragonpk.zapto.org
  • dragonpk.zapto.org
