Troj/MSIL-SO

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 09 May 2014 16:13:41 (GMT)
Last Updated: 09 May 2014 16:13:41 (GMT)


Troj/MSIL-SO exhibits the following characteristics:

File Information

Size: 965K
SHA-1: 1e42b2e659ca803136ab91b22ca3c10e1c7098a9
MD5: 4ea45e97e75305537d7b0c7db6fc56f8
CRC-32: c35acfe0
File type: application/x-ms-dos-executable
First seen: 2014-05-09

Other vendor detection

Avira: TR/Dropper.MSIL.Gen

Runtime Analysis

Copies Itself To
  • C:\Program Files\payment.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\logmail.txt
  • c:\Documents and Settings\test user\Application Data\Temp.exe
    Size: 444K
    SHA-1: d048aeba564c017f80ea7bbb234017068308992c
    MD5: 725cf1c3c011eb5e219014c48550459e
    CRC-32: d2300def
    File type: Windows executable
    First seen: 2014-05-09
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Temp.exe
    Size: 444K
    SHA-1: d048aeba564c017f80ea7bbb234017068308992c
    MD5: 725cf1c3c011eb5e219014c48550459e
    CRC-32: d2300def
    File type: Windows executable
    First seen: 2014-05-09
  • c:\Documents and Settings\test user\Application Data\Microsoft\Example.exe
    Size: 444K
    SHA-1: d048aeba564c017f80ea7bbb234017068308992c
    MD5: 725cf1c3c011eb5e219014c48550459e
    CRC-32: d2300def
    File type: Windows executable
    First seen: 2014-05-09
Registry Keys Created
  • HKCU\Software\Policies\Microsoft\Windows\System
    DisableCMD = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Example = c:\Documents and Settings\test user\Application Data\Microsoft\Example.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr = 0x00000001
Processes Created
  • c:\Documents and Settings\test user\application data\temp.exe
  • c:\Documents and Settings\test user\local settings\temp\payment.com
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://www.myip.ru/en-EN/index.php
DNS Requests
  • smtp.gmail.com
  • www.myip.ru
