Troj/Medfos-BP

Category: Viruses and Spyware
Protection available since: 09 Dec 2012 23:52:33 (GMT)
Type: Trojan
Last Updated: 09 Dec 2012 23:52:33 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Medfos-BP include:

Example 1

File Information

Size: 170K
SHA-1: 0ff17907d084e8b612f5df6983e8e0c8818d0cd8
MD5: 440b5182d55d3981a2c57edbe1c7c67e
CRC-32: 4051da03
File type: application/x-ms-dos-executable
First seen: 2012-12-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\Piriform\uyrpengx.dll
    Size: 440K
    SHA-1: 120c95cab26ddf164abaf76e15be3fe72a8e7c9a
    MD5: a609f60546dfeadcfd63c25077cfd1a8
    CRC-32: 96213923
    File type: application/x-ms-dos-executable
    First seen: 2012-12-09
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Piriform
  • HKCU\Software\Piriform
    {89775F8E-69D8-D481-66A4-497EA2EDF109}
Processes Created
  • c:\windows\system32\rundll32.exe

Example 2

File Information

Size: 440K
SHA-1: 120c95cab26ddf164abaf76e15be3fe72a8e7c9a
MD5: a609f60546dfeadcfd63c25077cfd1a8
CRC-32: 96213923
File type: application/x-ms-dos-executable
First seen: 2012-12-09
