Troj/MSIL-GA

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 29 Sep 2013 03:35:39 (GMT)
Last Updated: 23 Jan 2014 19:09:29 (GMT)


Examples of Troj/MSIL-GA include:

Example 1

File Information

Size: 170K
SHA-1: 122266a29720c3dadabe7f9d00c2d74c6e29740f
MD5: ef84c6f45c3ab3f1326ee1931b18d8c1
CRC-32: d5ab0f6c
File type: Windows executable
First seen: 2013-09-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Kasai\vyygcia.exe
    Size: 170K
    SHA-1: 4257a6a61c78c34939db5c5c17d2522f6c5a19d1
    MD5: a9e62e3b4f77bc12f46afad491fa8cd7
    CRC-32: 1a7a490f
    File type: Windows executable
    First seen: 2013-09-28
  • c:\Documents and Settings\test user\Application Data\Qaxab\likaha.ewu
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
  • HKCU\Software\Microsoft\Wosoeb
    Awutvuegc
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {7EDCD9A2-D1AF-5370-9F95-A4AA2FF3F645}
    "c:\Documents and Settings\test user\Application Data\Kasai\vyygcia.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    %windir%\explorer.exe
    %windir%\explorer.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    1c fd b9 00 9a bc ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\kasai\vyygcia.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • vmaxxmobile.com

Example 2

File Information

Size: 170K
SHA-1: 4257a6a61c78c34939db5c5c17d2522f6c5a19d1
MD5: a9e62e3b4f77bc12f46afad491fa8cd7
CRC-32: 1a7a490f
File type: Windows executable
First seen: 2013-09-28

Example 3

File Information

Size: 162K
SHA-1: 94331a1f33434360a767533767e07f5d243553e1
MD5: 2a794993362f3edc01bc6265a9d36109
CRC-32: 3b82a3d2
File type: PK ZIP archive
First seen: 2013-09-28

Other vendor detection

Avira: TR/Dropper.Gen
