Troj/Pushdo-BE

Category: Viruses and Spyware
Protection available since: 25 Sep 2013 19:56:07 (GMT)
Type: Trojan
Last Updated: 25 Sep 2013 19:56:07 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Pushdo-BE include:

Example 1

File Information

Size: 62K
SHA-1: 22e0e8de0666660163e5a31fdf4f40cbf9764ef2
MD5: e5a65f78280cce4b63e94a1b0e3acbf3
CRC-32: 802c1370
File type: Windows executable
First seen: 2013-09-25

Other vendor detection

Avira: TR/Crypt.ZPACK.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\vifturnaskel.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    vifturnaskel
    c:\Documents and Settings\test user\vifturnaskel.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    vifturnaskelzap
    h□□□□□P□□□□□□h□0r□□|□p□□
HTTP Requests
  • http://www.business-edge.com/index.asp
DNS Requests

Example 2

File Information

Size: 62K
SHA-1: 3de75c6145b886e198fa508656db78d359a31141
MD5: d4db39a5e099060b2dd215813387fe3d
CRC-32: b66f08c0
File type: Windows executable
First seen: 2013-09-25

Other vendor detection

Avira: TR/Crypt.ZPACK.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\gubrumumunod.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gubrumumunod
    c:\Documents and Settings\test user\gubrumumunod.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    gubrumumunodzap
    □□□0□□□□□□□□PD□□N□□X□0b□
DNS Requests
