Troj/MSIL-GM

Category: Viruses and Spyware
Protection available since: 26 Sep 2013 07:07:43 (GMT)
Type: Trojan
Last Updated: 07 Jan 2014 07:11:16 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/MSIL-GM include:

Example 1

File Information

Size: 649K
SHA-1: 05177f74b7a70a2078dc73f128af19bf3a24f4bb
MD5: 0678aee3db1e9198865bc51f5017024a
CRC-32: 0a55aad6
File type: Windows executable
First seen: 2013-09-27

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Cookies\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\logff.txt
Registry Keys Created
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Shell
    c:\Documents and Settings\test user\Cookies\test_item.exe
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • www.limitlessproducts.org
  • www.myip.ru

Example 2

File Information

Size: 650K
SHA-1: 0e6c8454374c17b5f18477fe7ac830fc661052ef
MD5: af291ad43d04b39a68374bf8d24706f5
CRC-32: f8646cc4
File type: Windows executable
First seen: 2013-09-23

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Cookies\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\logff.txt
Registry Keys Created
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Shell
    c:\Documents and Settings\test user\Cookies\test_item.exe
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • www.limitlessproducts.org
  • www.myip.ru

Example 3

File Information

Size: 742K
SHA-1: 0fd5cfee048aff0c8d0f5d08559f076cc0c4ba5b
MD5: 41cd7be40e41688bd96b649fe0c4ad8f
CRC-32: d555fa9e
File type: Windows executable
First seen: 2013-09-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Cookies\test_item.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows Script Host\Settings
    Enabled
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Shell
    c:\Documents and Settings\test user\Cookies\test_item.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • www.limitlessproducts.org
  • www.myip.ru
