Troj/MSIL-RD

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 23 Apr 2014 13:04:43 (GMT)
Last Updated: 05 May 2014 15:51:59 (GMT)

Examples of Troj/MSIL-RD include:

Example 1

File Information

Size
865K
SHA-1
029a96abf38bc797886b49b61d4dbb50c1f558f7
MD5
fc25cb6d6b0090f6f3d57b08e1349a9e
CRC-32
1944f1ae
File type
Windows executable
First seen
2007-09-12

Runtime Analysis

Copies Itself To
  • F:/Sys.exe
  • c:\Documents and Settings\test user\Application Data\DataWork\nvvsvc.exe
  • c:\Documents and Settings\test user\Application Data\Windows Update.exe
Dropped Files
  • F:/autorun.inf
  • c:\Documents and Settings\test user\Application Data\Sample.lnk
    Size
    593
    SHA-1
    d03d6fb7774493496b1b3752ddfcd4062ba3a13c
    MD5
    2d27607b6dd617281b2608be4f6c7352
    CRC-32
    b4a9f650
    File type
    application/octet-stream
    First seen
    2014-04-21
  • c:\Documents and Settings\test user\Application Data\pid.txt
    Size
    4
    SHA-1
    18c85e8f2c6d60773372ef600c979ff3874a91db
    MD5
    6f2688a5fce7d48c8d19762b88c32c3b
    CRC-32
    d8f79985
    File type
    A small file (too small to be malicious)
    First seen
    2014-04-05
  • c:\Documents and Settings\test user\Application Data\pidloc.txt
  • c:\Documents and Settings\test user\Application Data\010112.txt
    Size
    8
    SHA-1
    6747e65163a8f63dc4b3e5c9067f52974cdd815d
    MD5
    f27a2dc8a6c2eb00054b55c9613a2a51
    CRC-32
    1b2c192b
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2014-04-21
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    db88a832074cf222b498eef018e2b4a056456f93
    MD5
    f44363d23cd082c1a99eb91d33e1c927
    CRC-32
    1b37c2c8
    File type
    Microsoft CAB archive
    First seen
    2014-03-12
  • c:\Documents and Settings\test user\Local Settings\Temp\SysInfo.txt
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    0b169bd31923fe3b2204d4bf28efdda96f6896cd
    MD5
    a8c6bf93b1bc8a232d6012de4dee3ead
    CRC-32
    f7ea08d5
    File type
    Unspecified binary - probably data
    First seen
    2014-04-21
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    sidebar
    c:\Documents and Settings\test user\Application Data\Sample.lnk
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\sample\DEBUG
    Trace Level
Processes Created
  • c:\Documents and Settings\test user\application data\windows update.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://whatismyipaddress.com/
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • smtp.mail.ru
  • whatismyipaddress.com
  • www.download.windowsupdate.com

Example 2

File Information

Size
186K
SHA-1
041d0836cc2da36d82f36437215f47114e671143
MD5
44e557d8dbe42d8410323952bfd1ade0
CRC-32
63a946e2
File type
Windows executable
First seen
2014-04-24

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\DataWork\test_item.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    db88a832074cf222b498eef018e2b4a056456f93
    MD5
    f44363d23cd082c1a99eb91d33e1c927
    CRC-32
    1b37c2c8
    File type
    Microsoft CAB archive
    First seen
    2014-03-12
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    11d5624aae5360f46eea50a82ed598c6bf8c0fc0
    MD5
    f8b1c3abc962dcc16f118f09da14e350
    CRC-32
    90cb0a57
    File type
    Unspecified binary - probably data
    First seen
    2014-04-24
  • c:\Documents and Settings\test user\Application Data\java\24-04-2014
    Size
    52
    SHA-1
    cf8027384dd024a334cf0bcd212232abdbd8656e
    MD5
    7334b9201722ecf35b14cb54c2a6c32e
    CRC-32
    a3a28803
    File type
    Unspecified binary - probably data
    First seen
    2014-04-24
  • c:\Documents and Settings\test user\Application Data\Sample.lnk
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    sidebar
    c:\Documents and Settings\test user\Application Data\Sample.lnk
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • www.download.windowsupdate.com
  • xecuter2.zapto.org

Example 3

File Information

Size
232K
SHA-1
060172154ff74ed91db0a20ffe7e1461797ccab2
MD5
540ba98f68cf9eed754e173409ee1698
CRC-32
b70eaeb1
File type
application/x-ms-dos-executable
First seen
2014-04-23

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\DataWork\iexplore.exe
  • c:\Documents and Settings\test user\Application Data\iexplorer.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    db88a832074cf222b498eef018e2b4a056456f93
    MD5
    f44363d23cd082c1a99eb91d33e1c927
    CRC-32
    1b37c2c8
    File type
    Microsoft CAB archive
    First seen
    2014-03-12
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    c39f8e9185f5e25aa421b960a3b6fbf378def854
    MD5
    1055589ca811b4a4205fe0b7862e85e6
    CRC-32
    01c24e8d
    File type
    Unspecified binary - probably data
    First seen
    2014-04-23
  • c:\Documents and Settings\test user\Local Settings\Temp\PC - 23-04-2014-20.42.28.gif
    Size
    40K
    SHA-1
    d92c285f58b2d0846b1efabc9deb4b135ac3daf0
    MD5
    cfebbad20c1e49e23718714a45891604
    CRC-32
    12e28efb
    File type
    Graphic interchange format
    First seen
    2014-04-23
  • c:\Documents and Settings\test user\Application Data\Sample.lnk
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    (Default)
    c:\Documents and Settings\test user\Application Data\iexplorer.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    sidebar
    c:\Documents and Settings\test user\Application Data\Sample.lnk
Processes Created
  • c:\Documents and Settings\test user\application data\iexplorer.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • smtp.gmail.com
  • www.download.windowsupdate.com
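
The three runtime analyses above share a small set of durable behaviours: a copy of the sample under the user's Application Data folder (DataWork\*.exe, "Windows Update.exe", iexplorer.exe), a Sample.lnk dropped there and registered under HKCU\...\RunOnce as "sidebar" (Example 3 adds a Run entry pointing straight at iexplorer.exe), an autorun.inf plus Sys.exe written to the root of a removable drive, and DNS lookups for SMTP hosts (smtp.mail.ru, smtp.gmail.com), a public-IP service and a zapto.org dynamic-DNS name. The script below is an added hunting example, not Sophos code, that turns those observations into match rules and runs them over constructed EDR-style event records. Two assumptions are built in: the XP-era "Documents and Settings\<user>\Application Data" sandbox paths are folded into %APPDATA% so the same rules also match the Vista+ "Users\<user>\AppData\Roaming" layout, and the event field names (type, path, key, value, data, query, sha1) are invented for the example. The www.download.windowsupdate.com requests and the CryptnetUrlCache files are deliberately left out of the indicator set: that is CryptoAPI refreshing the Microsoft trusted root list when a certificate chain is built, and it shows up in sandbox runs of plenty of legitimate software.

```python
"""Match EDR-style events against the Troj/MSIL-RD indicators from the analyses above.

Added example, not Sophos code. Indicator values come from the page; the
event records at the bottom are constructed for the demonstration.
"""
import re

# Sample hashes from the three File Information blocks.
KNOWN_SHA1 = {
    "029a96abf38bc797886b49b61d4dbb50c1f558f7",
    "041d0836cc2da36d82f36437215f47114e671143",
    "060172154ff74ed91db0a20ffe7e1461797ccab2",
}

# Copy/drop locations relative to the user's Application Data folder.
APPDATA_ARTIFACTS = {
    r"datawork\nvvsvc.exe", r"datawork\test_item.exe", r"datawork\iexplore.exe",
    r"windows update.exe", r"iexplorer.exe", r"sample.lnk",
    r"pid.txt", r"pidloc.txt", r"010112.txt",
}

# Hosts resolved by the samples. windowsupdate.com is omitted on purpose: it is
# the CryptoAPI root-certificate refresh, not attacker-controlled traffic.
DNS_INDICATORS = {"smtp.mail.ru", "smtp.gmail.com", "xecuter2.zapto.org", "whatismyipaddress.com"}

# Profile roots: the sandbox's XP layout and (assumption) the Vista+ layout.
_APPDATA_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings\\[^\\]+\\application data|"
    r"users\\[^\\]+\\appdata\\roaming)\\"
)
_AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$")
_RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?$")


def normalize_path(path: str) -> str:
    """Lower-case, use backslashes, and fold the profile root into %appdata%\\."""
    p = path.lower().replace("/", "\\")
    return _APPDATA_RE.sub(r"%appdata%\\", p)


def match_event(event: dict) -> list[str]:
    """Return the names of the indicators an event matches (empty if none)."""
    hits = []
    kind = event.get("type")
    if kind == "process_create":
        if event.get("sha1", "").lower() in KNOWN_SHA1:
            hits.append("known-sample-hash")
    elif kind == "file_create":
        p = normalize_path(event["path"])
        if p.startswith("%appdata%\\") and p[len("%appdata%\\"):] in APPDATA_ARTIFACTS:
            hits.append("appdata-artifact")
        if _AUTORUN_RE.match(p):  # Example 1: F:/autorun.inf next to F:/Sys.exe
            hits.append("autorun-inf-at-drive-root")
    elif kind == "registry_set":
        if _RUN_KEY_RE.search(event["key"].lower()):
            if event.get("value", "").lower() == "sidebar":
                hits.append("run-value-sidebar")
            # Fires for both RunOnce -> Sample.lnk and Run -> iexplorer.exe.
            if normalize_path(event.get("data", "")).startswith("%appdata%\\"):
                hits.append("run-key-to-appdata")
    elif kind == "dns":
        if event["query"].lower().rstrip(".") in DNS_INDICATORS:
            hits.append("dns-indicator")
    return hits


def hunt(events: list[dict]) -> dict[str, list[int]]:
    """Map each indicator name to the indices of the events that triggered it."""
    report: dict[str, list[int]] = {}
    for idx, ev in enumerate(events):
        for name in match_event(ev):
            report.setdefault(name, []).append(idx)
    return report


# Constructed events (field names are an assumption of this example).
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\alice\Downloads\invoice.exe",
     "sha1": "041D0836CC2DA36D82F36437215F47114E671143"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\DataWork\test_item.exe"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Sample.lnk"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
     "value": "sidebar", "data": r"C:\Users\alice\AppData\Roaming\Sample.lnk"},
    {"type": "registry_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "(Default)", "data": r"C:\Users\alice\AppData\Roaming\iexplorer.exe"},
    {"type": "file_create", "path": "F:/autorun.inf"},
    {"type": "dns", "query": "xecuter2.zapto.org"},
    # Benign noise from the same sandbox runs: root-list refresh and its cache.
    {"type": "dns", "query": "www.download.windowsupdate.com"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Microsoft"
                                    r"\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015"},
]

if __name__ == "__main__":
    for name, idxs in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```

The hashes are the weakest rule here (any rebuild of the .NET binary changes them); the RunOnce "sidebar" value that launches a .lnk from Application Data, and a user-mode process resolving webmail SMTP hosts, are the rules worth keeping in a production detection.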