Troj/MSIL-SF

Category: Viruses and Spyware Protection available since:05 May 2014 15:51:59 (GMT)
Type: Trojan Last Updated:05 May 2014 15:51:59 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/MSIL-SF include:

Example 1

File Information

Size
6.5K
SHA-1
1775cdee4075f073caec291128aa3b4cfbee3876
MD5
6308047eb88cc0c8d6283c92750e1d87
CRC-32
65b25e4d
File type
Windows executable
First seen
2014-05-04

Example 2

File Information

Size
322K
SHA-1
d798ddfaf4dea1df4bd7f17b1e96650cfb656284
MD5
d27f17db512c997af15c457a159f45ec
CRC-32
4cf1cb1b
File type
Windows executable
First seen
2014-05-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft FxCop\SamSs.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft FxCop\wmiApSrv.exe
    Size
    6.5K
    SHA-1
    1775cdee4075f073caec291128aa3b4cfbee3876
    MD5
    6308047eb88cc0c8d6283c92750e1d87
    CRC-32
    65b25e4d
    File type
    Windows executable
    First seen
    2014-05-04
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Application Identity
    c:\Documents and Settings\test user\Application Data\Microsoft FxCop\wmiApSrv.exe
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft fxcop\samss.exe
  • c:\Documents and Settings\test user\application data\microsoft fxcop\wmiapsrv.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\applaunch.exe
DNS Requests
  • chinatins.no-ip.biz

download Try Sophos products for free
Download now