Troj/Nitol-N

Category: Viruses and Spyware
Protection available since: 26 Jun 2013 01:55:06 (GMT)
Type: Trojan
Last Updated: 26 Jun 2013 01:55:06 (GMT)
Prevalence: Small Number of Reports

Troj/Nitol-N exhibits the following characteristics:

File Information

Size: 47K
SHA-1: ef8958a98a43652efc9a6b3ff3a2f9565867ba46
MD5: 99063801d8185450658859547a533e79
CRC-32: 8408eaac
File type: Windows executable
First seen: 2010-09-03

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\lpk.dll
  • C:\WINDOWS\system32\hra33.dll
  • C:\bin\lpk.dll
  • C:\gnu\bin\lpk.dll
  • C:\gnu\lib\gettext\lpk.dll
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\SOFTWARE.LOG
    Size: 39K
    SHA-1: 150b13a46135dee329d480987271df4edcfdcfca
    MD5: 8f98eb277e1dcb4b8941982c2512dfb7
    CRC-32: 7efa49ca
    File type: Windows executable
    First seen: 2010-09-01
  • C:\WINDOWS\system32\rebfec.exe
    Size: 39K
    SHA-1: 150b13a46135dee329d480987271df4edcfdcfca
    MD5: 8f98eb277e1dcb4b8941982c2512dfb7
    CRC-32: 7efa49ca
    File type: Windows executable
    First seen: 2010-09-01
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Distribuoeq\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Distribuoeq
    ImagePath: C:\WINDOWS\system32\rebfec.exe
Processes Created
  • c:\windows\system32\rebfec.exe
DNS Requests
  • dingtao333.3322.org
