Examples of Troj/PcClien-NU include:
Example 1
File Information
- Size: 557K
- SHA-1: 0007a8cf45e0e6c1c2b5d687d928ba13aade96c1
- MD5: 4460e06da50eebade8b8991f59b9acbe
- CRC-32: 90e6de50
- File type: Windows executable
- First seen: 2012-12-05
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~DF132E.tmp
  - Size: 112K
  - SHA-1: 5d7991384ccc3ef66f50f71082f7207c811fab32
  - MD5: 10290befca0e14c1460af4fe79c48a3f
  - CRC-32: c60c7746
  - File type: Microsoft OLE2 file format
  - First seen: 2012-10-14
- c:\Documents and Settings\test user\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
- C:\WINDOWS\system32\RvmytjC.dll
  - Size: 61K
  - SHA-1: e8ad36cba984dc33725ecfd87fcbec02e1f0c915
  - MD5: 6177107eb89086ba2660e59a427b61ab
  - CRC-32: f77b4ab7
  - File type: Windows executable
  - First seen: 2012-12-04
Modified Files
- %PROFILE%\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
  - Changed the file contents
Registry Keys Created
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
  - ProxyExclude
- HKCU\Software\Microsoft\Windows Media\WMSDK\General
  - VolumeSerialNumber: 0x601f769f
- HKCU\Software\Microsoft\MediaPlayer\Player\Tasks\NowPlaying
  - InitFlags: 0x00000001
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS
  - ProxyExclude
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Enum
  - NextInstance: 0x00000001
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\RTSP
  - ProxyExclude
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\BITS
  - Start: 0x00000002
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters
  - ServiceDll: C:\WINDOWS\system32\RvmytjC.dll
Processes Created
- c:\windows\system32\cmd.exe
DNS Requests
Example 2
File Information
- Size: 557K
- SHA-1: 001cbda69a16b5ea3dac73ab68782f45150fcc3a
- MD5: e846cc8e15c504bbedc29e09c6a33d74
- CRC-32: b774eb8f
- File type: Windows executable
- First seen: 2012-12-05
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
- c:\Documents and Settings\test user\Local Settings\Temp\~DF2453.tmp
  - Size: 112K
  - SHA-1: 5d7991384ccc3ef66f50f71082f7207c811fab32
  - MD5: 10290befca0e14c1460af4fe79c48a3f
  - CRC-32: c60c7746
  - File type: Microsoft OLE2 file format
  - First seen: 2012-10-14
- C:\WINDOWS\system32\RwmvtuC.dll
  - Size: 61K
  - SHA-1: e8ad36cba984dc33725ecfd87fcbec02e1f0c915
  - MD5: 6177107eb89086ba2660e59a427b61ab
  - CRC-32: f77b4ab7
  - File type: Windows executable
  - First seen: 2012-12-04
Modified Files
- %PROFILE%\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
  - Changed the file contents
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Enum
  - NextInstance: 0x00000001
- HKCU\Software\Microsoft\Windows Media\WMSDK\General
  - VolumeSerialNumber: 0x601f769f
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\RTSP
  - ProxyExclude
- HKCU\Software\Microsoft\MediaPlayer\Player\Tasks\NowPlaying
  - InitFlags: 0x00000001
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
  - ProxyExclude
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS
  - ProxyExclude
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters
  - ServiceDll: C:\WINDOWS\system32\RwmvtuC.dll
- HKLM\SYSTEM\CurrentControlSet\Services\BITS
  - Start: 0x00000002
Processes Created
- c:\windows\system32\cmd.exe
DNS Requests
Example 3
File Information
- Size: 557K
- SHA-1: 002a1b25c1f2ba88ba6d822b92306b193e764eba
- MD5: a66bae4580e25eef6432e0ae0fd5111b
- CRC-32: 40870994
- File type: Windows executable
- First seen: 2012-12-05
Runtime Analysis
Dropped Files
- C:\WINDOWS\system32\RnmctpC.dll
  - Size: 61K
  - SHA-1: e8ad36cba984dc33725ecfd87fcbec02e1f0c915
  - MD5: 6177107eb89086ba2660e59a427b61ab
  - CRC-32: f77b4ab7
  - File type: Windows executable
  - First seen: 2012-12-04
- c:\Documents and Settings\test user\Local Settings\Temp\~DF624.tmp
  - Size: 112K
  - SHA-1: 5d7991384ccc3ef66f50f71082f7207c811fab32
  - MD5: 10290befca0e14c1460af4fe79c48a3f
  - CRC-32: c60c7746
  - File type: Microsoft OLE2 file format
  - First seen: 2012-10-14
- c:\Documents and Settings\test user\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML
Modified Files
- %PROFILE%\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
  - Changed the file contents
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Enum
  - NextInstance: 0x00000001
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\RTSP
  - ProxyExclude
- HKCU\Software\Microsoft\MediaPlayer\Player\Tasks\NowPlaying
  - InitFlags: 0x00000001
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\MMS
  - ProxyExclude
- HKCU\Software\Microsoft\Windows Media\WMSDK\General
  - VolumeSerialNumber: 0x601f769f
- HKCU\Software\Microsoft\MediaPlayer\Preferences\ProxySettings\HTTP
  - ProxyExclude
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters
  - ServiceDll: C:\WINDOWS\system32\RnmctpC.dll
- HKLM\SYSTEM\CurrentControlSet\Services\BITS
  - Start: 0x00000002
Processes Created
- c:\windows\system32\cmd.exe
DNS Requests