Troj/Plugx-X

Category: Viruses and Spyware
Protection available since: 03 Dec 2013 13:54:11 (GMT)
Type: Trojan
Last Updated: 11 Apr 2014 21:25:11 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Plugx-X include:

Example 1

File Information

Size
109K
SHA-1
17d74931c91547f6db18864a478dd36d08da1abd
MD5
78818d3de2d39c93f5fc0832a3ab70da
CRC-32
6365e39a
File type
Windows executable
First seen
2013-11-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\DRM\RasTls\RasTls.exe
Dropped Files
  • C:\Documents and Settings\All Users\DRM\RasTls\cnexitdxsrgfiig
    Size
    8
    SHA-1
    62ac6893dbf3577d875c2994594ed42ba549f270
    MD5
    81f82434e7825ff305c29a21dc850b9c
    CRC-32
    4e4a2b2b
    File type
    application/octet-stream
    First seen
    2014-04-11
Processes Created
  • c:\documents and settings\all users\drm\rastls\rastls.exe
  • c:\windows\system32\svchost.exe
IP Connections
  • 172.16.255.255:53
DNS Requests
  • msn.catalogipdate.com

Example 2

File Information

Size
109K
SHA-1
75b6ebb44f66c5be9385d8ef1ef07639a90ea3d1
MD5
1a0a85eb12ce68640bbf0576ecedcc58
CRC-32
ed49f0c4
File type
Windows executable
First seen
2013-10-29

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\DRM\XXX\.exe
Dropped Files
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152355.jpg
    Size
    463K
    SHA-1
    c1a2be6442da587889c2540cfe2b20994b7f89d9
    MD5
    5524401d05ee3c88b73f62165300bebb
    CRC-32
    de30aa15
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152415.jpg
    Size
    467K
    SHA-1
    f6a8abbe40307ff051d532b5a8ff25a90dd70225
    MD5
    128dbe72b8bd71986e8e873efc2710f3
    CRC-32
    586ece63
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX\cnexitdxsrgfiig
    Size
    8
    SHA-1
    d1f49e5d511569ec78a59305b89739b188028929
    MD5
    13690d0d51c4b61e68bf91d27b1dc521
    CRC-32
    141c9f6e
    File type
    application/octet-stream
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152425.jpg
    Size
    461K
    SHA-1
    4a9f39007a54ab70326adb0c5181c62803e3320b
    MD5
    109108fe9499b25799e4f26ae86fc2dc
    CRC-32
    ea687d7f
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152350.jpg
    Size
    483K
    SHA-1
    ceb59177d39bb411050ec63f28ad44aabf1ff900
    MD5
    a746ddba0f52fc9496ba80fd0d92c584
    CRC-32
    6d136e95
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152410.jpg
    Size
    489K
    SHA-1
    6bec1d478a2e7f9580748e58eb775e98545b2db9
    MD5
    ae27d95e245442a33ce118a04c3e6dd7
    CRC-32
    6f0d0b4f
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152400.jpg
    Size
    463K
    SHA-1
    a4af1a2b769afe9d26ef588551574d3890a97e0c
    MD5
    0aeb45fd48358788375666b6454caf22
    CRC-32
    ff8e6235
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152435.jpg
    Size
    241K
    SHA-1
    395a474e3a9b30f50f4892acf5027e9ccc076786
    MD5
    b2afda382484548485695cbd71ab18af
    CRC-32
    cd8ba26c
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152420.jpg
    Size
    465K
    SHA-1
    5739593d4aa61127f7236b8b673f2bceae25a684
    MD5
    b4b9fc676303a471301a6e81f506f177
    CRC-32
    1c166d3d
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152405.jpg
    Size
    465K
    SHA-1
    50d201e7686a4df7ea59e56de5a9d5cdcae920e1
    MD5
    43053b81b679160f6d1b2f56fb0691fc
    CRC-32
    d28bfb3d
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152430.jpg
    Size
    465K
    SHA-1
    7e0414c64403aec0247d67528b712d942e92b476
    MD5
    459e9debb5bc29fdcb246555b93259fa
    CRC-32
    ad045eb3
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152345.jpg
    Size
    441K
    SHA-1
    7a726f507942459db5d0b4e0a39866307248231a
    MD5
    b5bc8059b8bd766a97954d62430c8603
    CRC-32
    3d66dcf1
    File type
    image/jpeg
    First seen
    2014-04-11
Processes Created
  • c:\documents and settings\all users\drm\xxx\.exe
  • c:\windows\system32\svchost.exe
IP Connections
  • 172.16.255.255:53

Example 3

File Information

Size
109K
SHA-1
e9e76c160c8758fabdf273bd163cbd0d10db5883
MD5
99eb8cd253890b6d6c2fe187c8bf820b
CRC-32
0f155450
File type
Windows executable
First seen
2007-08-22

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\DRM\XXX\.exe
Dropped Files
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152403.jpg
    Size
    525K
    SHA-1
    5f6d89bf0e1c476055bf7e7e51058caccfc244de
    MD5
    ff33a7136a7016612b1827f48f8552a3
    CRC-32
    aec8bbf7
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152353.jpg
    Size
    544K
    SHA-1
    b5c6bab1e3c47ac884b0d145e4920503c4e0f730
    MD5
    cd024259580aebe2c44103d686758f77
    CRC-32
    5bccca43
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152423.jpg
    Size
    526K
    SHA-1
    23d5f957cb7bcb51c36456b3fe992f274ba1a4e0
    MD5
    07815d31aba6c4620b5c583205d505b8
    CRC-32
    35177939
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152413.jpg
    Size
    550K
    SHA-1
    c1789f8ed6aaded46453da71a835bb86982ba05a
    MD5
    d0fe6f9a513b0d5224895f5f47edc252
    CRC-32
    b5a36aa1
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152408.jpg
    Size
    523K
    SHA-1
    bff8937f428dcda3882ca12c1ccebd5fa1df472e
    MD5
    fceee42b5d075cc9aea716be2e2dbf14
    CRC-32
    89a5c20b
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152348.jpg
    Size
    502K
    SHA-1
    56c475dd51e7990a20fd127573351cbf62cc3df3
    MD5
    48b254df81a0db965a084a87e325895d
    CRC-32
    2234b75b
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152438.jpg
    Size
    713K
    SHA-1
    a37f0c9799effb484956863a8e4b13bda0c45465
    MD5
    f227487d3cc32a681535f232983bc25f
    CRC-32
    78475fc3
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152428.jpg
    Size
    522K
    SHA-1
    93d6b7ae149c603745167eb4b359ec58920dbc0e
    MD5
    498542146e44c6a01f20092b506bc7f4
    CRC-32
    2d888981
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152418.jpg
    Size
    528K
    SHA-1
    a700c51772c2148252b9d9ceb319fc439effd9cb
    MD5
    38b8f49fa302c6994a83764ea88a0ec2
    CRC-32
    02bf8438
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX\cnexitdxsrgfiig
    Size
    8
    SHA-1
    b10ca04d5c5fa6e3044affe0a76b7266b49fdbc8
    MD5
    d1e964d68fcad608914f7ece96a4259f
    CRC-32
    edcbcb64
    File type
    application/octet-stream
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152433.jpg
    Size
    526K
    SHA-1
    a2aeebdeef804a44ffa0066b2cae021f80d97dfc
    MD5
    edbe353b010b07fe3cff39e3ade13250
    CRC-32
    a2a91ac3
    File type
    image/jpeg
    First seen
    2014-04-11
  • C:\Documents and Settings\All Users\DRM\XXX-SCREEN\support\20140411152358.jpg
    Size
    524K
    SHA-1
    a9c48f506e1fc19be43b9eadff96ff3610ee5209
    MD5
    ce9839df47b6f0fbde1e0d43537c126b
    CRC-32
    a40ac906
    File type
    image/jpeg
    First seen
    2014-04-11
Processes Created
  • c:\documents and settings\all users\drm\xxx\.exe
  • c:\windows\system32\svchost.exe
IP Connections
  • 172.16.255.255:53
