Troj/PDFJs-AAS

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 26 Sep 2012 14:42:30 (GMT)
Last Updated: 10 Apr 2013 12:08:01 (GMT)


Examples of Troj/PDFJs-AAS include:

Example 1

File Information

Size: 15K
SHA-1: 15394831d623a7c61dc03446404a7ddbfa72aa0e
MD5: 9a6ade2d6f5969795df9d3c53a1b5ecc
CRC-32: 69d9ed1b
File type: Adobe Portable Document Format (PDF)
First seen: 2012-11-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrCF04.tmp
    Size: 358
    SHA-1: 4a197ef744e6df801b6a3d4b3b602a8f3f1b1762
    MD5: fb505a55eaa03789345a424b5a97d534
    CRC-32: 619fd875
    File type: Adobe Portable Document Format (PDF)
    First seen: 2012-11-15
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://www.unigis.uni-osnabrueck.de/plugins/content/jwsig.exe
DNS Requests
  • www.unigis.uni-osnabrueck.de

Example 2

File Information

Size: 15K
SHA-1: 5c827dce02369fc5ba8a97d2233e79129f27c364
MD5: 379a80694f252b82e6e5b49dbda44512
CRC-32: 3914650c
File type: Adobe Portable Document Format (PDF)
First seen: 2012-09-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrAF28.tmp
    Size: 358
    SHA-1: ac183e341ae1195828e38306e60b84bd9e365db4
    MD5: 2083c314fd9f35077a2829c7223c9a28
    CRC-32: 4fd95992
    File type: Adobe Portable Document Format (PDF)
    First seen: 2012-09-26
  • c:\Documents and Settings\test user\Local Settings\Temp\wpbt1.dll
    Size: 192K
    SHA-1: b66554096d5931707cf7ef3553dfffbcb467622a
    MD5: 5a3d99150bd9a4702a507d1ce6b1ef68
    CRC-32: fbed6e17
    File type: Windows executable
    First seen: 2012-09-26
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    defi.exe
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data)
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
Registry Keys Modified
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 5f 6b c5 d5 9b cd 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 5f 6b c5 d5 9b cd 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
Processes Created
  • c:\docume~1\support\locals~1\temp\wpbt0.dll
  • c:\docume~1\support\locals~1\temp\wpbt1.dll
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://google.com/
  • http://sgdoe.de/includes/classes/subcats.exe
  • http://vivro.de/plugins/simplepie/simplepie.exe
DNS Requests
  • google.com
  • sgdoe.de
  • taskwire.net
  • vivro.de

Example 3

File Information

Size: 13K
SHA-1: bbbcca8c960b007bc581d373789e0b5ee6d9776f
MD5: 82dc01f6102cead5026fb2e351e7700e
CRC-32: 0ce99755
File type: Adobe Portable Document Format (PDF)
First seen: 2012-10-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrE153.tmp
    Size: 358
    SHA-1: e905763107b721fe0e6ef650096273e48bd96f6c
    MD5: 03c6ef8233f08badac99ef274557aade
    CRC-32: 78bfa0a5
    File type: Adobe Portable Document Format (PDF)
    First seen: 2012-10-22
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://kg-raumland.de/foerder/raumland/bild/trophy/31.exe
  • http://www.synitech.de/media/system/image.exe
DNS Requests
  • kg-raumland.de
  • www.synitech.de
