Troj/Palevo-CR exhibits the following characteristics:
File Information
- Size: 1.2M
- SHA-1: 516f2a2cb1e065b492585a173a23b53854b97692
- MD5: afa573036e362f3a46aa692f10304a74
- CRC-32: 6cdc182d
- File type: Windows executable
- First seen: 2012-11-28
Other vendor detection
- Kaspersky: HEUR:Trojan.Win32.Generic
Runtime Analysis
Copies Itself To
Dropped Files
- C:\Program Files\Sosks\brun.dll
  - Size: 51M
  - SHA-1: 5b7a242c5ad155d543028c010947c52f41991b61
  - MD5: 6617ea98aabc51f7b18692e8cbd4ec80
  - CRC-32: 4a60b669
  - File type: Windows executable
  - First seen: 2012-11-28
- C:\log.txt
  - Size: 72
  - SHA-1: 47647eb1e2d93085485e5050537e35c6e5f91652
  - MD5: c7107edb46949b6848ee24a4722edb33
  - CRC-32: ee09d848
  - File type: Data Log File (generic)
  - First seen: 2012-11-28
- C:\Program Files\Sosks\4399Panel.exe
  - Size: 562K
  - SHA-1: d15493b834f7f467ec3201c09a8f8a90d7647cfe
  - MD5: 555269dc2e04db1a230a247951dd29fe
  - CRC-32: b1e07eb0
  - File type: Windows executable
  - First seen: 2012-02-01
- c:\Documents and Settings\test user\Recent\Sosks.lnk
- c:\Documents and Settings\test user\Recent\109281.jpg.lnk
  - Size: 645
  - SHA-1: c2bc410c8dc1a01f8695544fba96bcb8df1ee8fc
  - MD5: 0f1d3110610fb8d48401df7c751310a2
  - CRC-32: 6798ce67
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-11-28
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\124468.lnk
  - Size: 648
  - SHA-1: 7208a63a2429a8a7d7e3c6eca1f6d662f798d235
  - MD5: f35504756d8b8b496caaf2cbe112fcea
  - CRC-32: 1ab7a19b
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-11-28
- C:\Program Files\Sosks\113421.xml
  - Size: 3.0K
  - SHA-1: 9312278b14fd11c9231ba41efc7c08f332fee886
  - MD5: 22b75ec2341e27f4363249990ac13d21
  - CRC-32: 10d4c9cb
  - File type: Unspecified binary - probably data
  - First seen: 2012-11-28
- C:\Program Files\Sosks\nss3.dll
  - Size: 51M
  - SHA-1: 5b7a242c5ad155d543028c010947c52f41991b61
  - MD5: 6617ea98aabc51f7b18692e8cbd4ec80
  - CRC-32: 4a60b669
  - File type: Windows executable
  - First seen: 2012-11-28
- C:\Program Files\Sosks\109281.jpg
  - Size: 18K
  - SHA-1: e2b86b4dd54d0f29e44406fea196c47eacc50fe1
  - MD5: 52598dd3b246417ae4bde420a90f75e3
  - CRC-32: cc9caa4e
  - File type: PNG (Portable Network Graphics) image format
  - First seen: 2012-11-28
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012112820121129
  - CacheRepair: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  - 7: S□□□□□0□□□□□0□□□□□ □□ □□□□□□□□□□□□□□□□□0o□0k□0.□□n□□□□□□□0□□@□□□□□□□□□□□□□□□□□@□□□□□0□□□□□0□□□□□0□□□□□□□□□□□□□□□□□□□□□□□
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - App: C:\Program Files\Sosks\4399Panel.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
  - 3: S□□□□□0□□□□□0□□□□□ □□ □□□□□□□□□□□□□□□□□0o□0k□0.□□n□□□□□□□0□□@□□□□□□□□□□□□□□□□□@□□□□□0□□□□□0□□□□□0□□□□□□□□□□□□□□□□□□□□□□□
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
  - MRUListEx: □□□□□□□□□□□□
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
  - MRUListEx: 07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
  - MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
- c:\windows\system32\rundll32.exe
IP Connections
DNS Requests