Troj/NaalBot-A

Category: Viruses and Spyware
Protection available since: 23 Apr 2013 02:02:16 (GMT)
Type: Trojan
Last Updated: 23 Apr 2013 02:02:16 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/NaalBot-A include:

Example 1

File Information

Size: 181K
SHA-1: 1556387f2504a41f58cac1b1580bb7677a27b6dc
MD5: 1658221864a4b1011c19179f40af6b11
CRC-32: a13f0f9e
File type: Windows executable
First seen: 2013-04-20

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\iexplorer.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000001
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe

Example 2

File Information

File type: Windows executable

Example 3

File Information

Size: 181K
SHA-1: 591853a98f6fb300f30b3dfb1218c396a26a1e0b
MD5: e3d0b63771d474177495337cb99ba4b8
CRC-32: 7627fffd
File type: Windows executable
First seen: 2013-04-04

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system\csrss.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFFF93.tmp
    Size: 16K
    SHA-1: 2bb169b469b5eac2f3defe55e58b2cc186d3b33c
    MD5: 41dbd84290488f148061a73c200285f9
    CRC-32: 2023ecc2
    File type: Microsoft OLE2 file format
    First seen: 2011-06-06
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Security Center
    UACDisableNotify
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Player
    C:\Windows\system\csrcs.exe
HTTP Requests
  • http://essimpleesclaroteparto.info/h2orlz/bots.php
DNS Requests
  • essimpleesclaroteparto.info
