Troj/Pirminay-D

Category: Viruses and Spyware
Protection available since: 11 Dec 2012 14:51:54 (GMT)
Type: Trojan
Last Updated: 11 Dec 2012 14:51:54 (GMT)
Prevalence: Small Number of Reports


Troj/Pirminay-D exhibits the following characteristics:

File Information

Size: 569K
SHA-1: c6652f68aed1db399677dab48e1b58027205a631
MD5: 449db9ec7b92efe8b3f04e37aa8327b0
CRC-32: a9f0aa94
File type: Windows executable
First seen: 2012-12-11

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~unins5869.bat
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    6
    g□□0□□□
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Dnldc
    C:\WINDOWS\system32\scriptpwv.exe
  • HKLM\SOFTWARE\zpppmcegc
    GY
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    6
    g□□0□□□
  • HKCU\Software\zpppmcegc
    GY
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\scriptpwv.exe
HTTP Requests
  • http://180.123.136.203/adj/Category.aspx
IP Connections
  • 180.123.136.203:80
DNS Requests
  • intohave.com
