Troj/ProcHL-Z

Category: Viruses and Spyware Protection available since:12 Aug 2014 12:21:24 (GMT)
Type: Trojan Last Updated:12 Aug 2014 12:21:24 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/ProcHL-Z exhibits the following characteristics:

File Information

Size
100K
SHA-1
d97e85093f0e639c5d503424758a5a30e7cd455e
MD5
906f9199f9b6a9b095a4fc1679985a83
CRC-32
8531afa6
File type
Windows executable
First seen
2014-08-12

Runtime Analysis

Modified Files
  • C:\Documents and Settings\NetworkService\Local Settings\History
    • Set the hidden and system flags
  • C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□Z□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□Z□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
IP Connections
  • 174.142.192.137:8080

download Try Sophos products for free
Download now