Troj/MSIL-PJ

Category: Viruses and Spyware
Protection available since: 09 Apr 2014 16:10:27 (GMT)
Type: Trojan
Last Updated: 09 Apr 2014 16:10:27 (GMT)
Prevalence: Small Number of Reports

Troj/MSIL-PJ exhibits the following characteristics:

File Information

Size: 1.3M
SHA-1: 19000292b7dbcad8f113e939634dbe8d7ff69adc
MD5: bde5c19cfef565e3a3212f815f23f66f
CRC-32: 011e7b02
File type: Windows executable
First seen: 2014-04-09

Other vendor detection

Avira: TR/Dropper.MSIL.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\XXAS.EXE
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Defender.url
  • c:\Documents and Settings\test user\Local Settings\Temp\ANDRO.EXE
  • C:\Program Files\Common Files\lsmass.exe
  • c:\Documents and Settings\test user\Application Data\FlashPlayer\svchost.exe
  • C:\Documents and Settings\All Users\Application Data\wscntfy.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    EnableBalloonTips
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows-Audio Driver
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe:*:Enabled:Windows-Audio Driver
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Windows-Network Component
    C:\Program Files\Common Files\lsmass.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe:*:Enabled:Windows-Audio Driver
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD37E3C0-3D7C-0122-D759-4A18123B2C87}
    IsInstalled
    0x00000001
Processes Created
  • c:\documents and settings\all users\application data\wscntfy.exe
  • c:\docume~1\support\locals~1\temp\andro.exe
  • c:\docume~1\support\locals~1\temp\xxas.exe
  • c:\program files\common files\lsmass.exe
  • c:\windows\system32\netsh.exe
DNS Requests
  • google.com
  • movie-blog.ml