Troj/MSIL-NF

Category: Viruses and Spyware
Protection available since: 13 Mar 2014 09:25:51 (GMT)
Type: Trojan
Last Updated: 13 Mar 2014 09:25:51 (GMT)
Prevalence: Small Number of Reports

Troj/MSIL-NF exhibits the following characteristics:

File Information

Size: 220K
SHA-1: b39cc62662e76f1084563690c5087c05d53732e0
MD5: cb2abc9ff45a3bbc1db85465b1d48e63
CRC-32: 4562ec5b
File type: Windows executable
First seen: 2014-03-12

Runtime Analysis

Copies Itself To
  • C:\Default Folder\Default File.exe
  • c:\Documents and Settings\test user\Application Data\Default Folder\Default File.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\sample\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\install.imp
    Size: 82
    SHA-1: 11d010d94d8de93b0f995ac0e5240d44a0df455d
    MD5: a48c03bd9afcca5a1cff1fce97c3e4a4
    CRC-32: cbbc89c2
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2014-01-21
  • c:\Documents and Settings\test user\Application Data\imlgs\12-03-2014
    Size: 281
    SHA-1: 33961ae8e73ed211a51c941a6aa8e3bcea36be8b
    MD5: 36dade905222ca602ff44a00d1749b1f
    CRC-32: be1cd27b
    File type: Unspecified binary - probably data
    First seen: 2014-03-06
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Default Key
    c:\Documents and Settings\test user\Application Data\Default Folder\Default File.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe
IP Connections
  • 1.1.1.1:
DNS Requests
  • ayool.no-ip.org
