Troj/MSIL-IN

Category: Viruses and Spyware
Protection available since: 21 Dec 2013 12:08:05 (GMT)
Type: Trojan
Last Updated: 21 Dec 2013 12:08:05 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/MSIL-IN include:

Example 1

File Information

Size
1.5M
SHA-1
2c676f1f5675d8fe635b3d67ffe3304e8eefe929
MD5
db288368d51d684d19ac493e1a9a9a11
CRC-32
5437fae4
File type
Windows executable
First seen
2013-11-26

Other vendor detection

Avira
TR/Crypt.ZPACK.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\logmail.txt
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • smtp.gmail.com
  • www.myip.ru

Example 2

File Information

Size
1.7M
SHA-1
c473d0eb702f4009b54b603f2212e3c7f90a68ee
MD5
be5323f604f5af7e708643401c421136
CRC-32
1397e832
File type
Windows executable
First seen
2013-11-26

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    wextract_cleanup0
    rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\support\LOCALS~1\Temp\IXP000.TMP\"
Processes Created
  • c:\docume~1\support\locals~1\temp\ixp000.tmp\monty22.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • smtp.gmail.com
  • www.myip.ru
