Troj/Poison-CO

Category: Viruses and Spyware
Protection available since: 07 Apr 2011 04:50:21 (GMT)
Type: Trojan
Last Updated: 07 Apr 2011 04:50:21 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Poison-CO include:

Example 1

File Information

Size
1.1M
SHA-1
015dc82f6c831dd9b4e607a7bc1b028a2f5e5d5f
MD5
00241719062b2313297372db26fd88e3
CRC-32
13b1dc59
File type
application/x-ms-dos-executable
First seen
2011-03-28

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\windowse.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\5F112C60
    Size
    14
    SHA-1
    73d3a3078df2feea32c01b4a6e496a19ba5e0407
    MD5
    d0df3143ce62f3dc3054d603e92f70fb
    CRC-32
    4505676e
    File type
    application/octet-stream
    First seen
    2011-04-07
  • C:\WINDOWS\wine.reg
    Size
    145
    SHA-1
    2e31b4798c3a527d64726d5c5a417c1960b17fac
    MD5
    aa3b4dfedc2965e77c7c44c56593805e
    CRC-32
    e5293d69
    File type
    application/octet-stream
    First seen
    2011-01-07
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windowse
    C:\WINDOWS\windowse.exe
Processes Created
  • c:\windows\regedit.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.aktuelforum.com/fixask/kontrol.php
  • http://www.facebookvids.com/s.php
DNS Requests
  • www.aktuelforum.com
  • www.facebookvids.com

Example 2

File Information

Size
3.6M
SHA-1
0240953f5bea7c161f7d88354b1d158b0721ad95
MD5
36a4ca93855f9d6cf3215ed2311f6476
CRC-32
93476a26
File type
application/x-ms-dos-executable
First seen
2011-03-27

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\svchost.exe
Dropped Files
  • C:\WINDOWS\TeamRat - PC.txt
    Size
    30
    SHA-1
    76ebf56436d43c380a7b2a9d55204dc1c14dd273
    MD5
    afaa5da96addf00ee6f4677eb9a5db5b
    CRC-32
    309bb746
    File type
    application/octet-stream
    First seen
    2011-04-07
  • C:\WINDOWS\csrss.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\5F112C60
    Size
    14
    SHA-1
    73d3a3078df2feea32c01b4a6e496a19ba5e0407
    MD5
    d0df3143ce62f3dc3054d603e92f70fb
    CRC-32
    4505676e
    File type
    application/octet-stream
    First seen
    2011-04-07
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    svchost
    C:\WINDOWS\svchost.exe
DNS Requests
  • beanh.hop.ru

Example 3

File Information

Size
1.2M
SHA-1
09907f456a8b203bd8b5d5b71e021da89eb1a015
MD5
78166511f364a6803a84d52bc1549842
CRC-32
d0e30ec0
File type
application/x-ms-dos-executable
First seen
2011-03-28

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\krnl386.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\5F112C60
    Size
    14
    SHA-1
    73d3a3078df2feea32c01b4a6e496a19ba5e0407
    MD5
    d0df3143ce62f3dc3054d603e92f70fb
    CRC-32
    4505676e
    File type
    application/octet-stream
    First seen
    2011-04-07
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    krnl386
    C:\WINDOWS\krnl386.exe
Processes Created
  • c:\windows\system32\attrib.exe
HTTP Requests
  • http://ac.tynt.com/
  • http://cdn.tynt.com/tc.js
  • http://ic.tynt.com/b/p
  • http://whos.amung.us/pingjs/
  • http://widgets.amung.us/classic.js
  • http://widgets.amung.us/widtemplates/classicoutline.gif
  • http://www.otelium.com/doluluk.php
DNS Requests
  • ac.tynt.com
  • cdn.tynt.com
  • ic.tynt.com
  • whos.amung.us
  • widgets.amung.us
  • www.otelium.com
