Troj/Pushdo-Gen

Category: Viruses and Spyware Protection available since:02 Aug 2007 20:43:04 (GMT)
Type: Trojan Last Updated:17 Jul 2013 16:50:13 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Summary

Troj/Pushdo-Gen is a Trojan.

Detailed analysis

Example behaviors of Troj/Pushdo-Gen follow:

Example 1

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
    Count
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\runtime
    ImagePath
    \??\C:\WINDOWS\System32\drivers\runtime.sys
Processes Created
  • c:\program files\internet explorer\iexplore.exe
HTTP Requests
  • http://-/40e8001430303030303030303030303030303030303031306c0000015166000000007600000002
IP Connections
  • 75.125.207.82:80

Example 2

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\runtime
    ImagePath
    \??\C:\WINDOWS\System32\drivers\runtime.sys
  • HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
    Count
    0x00000000
Processes Created
  • c:\program files\internet explorer\iexplore.exe
HTTP Requests
  • http://-/40e8001430303030303030303030303030303030303031306c0000003c66000000007600000002
IP Connections
  • 208.66.195.165:80

Example 3

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\drivers\Rbh06.sys
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rbh06.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Services\Rbh06\Security
    Security
    01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
  • HKLM\SYSTEM\CurrentControlSet\Services\Rbh06
    Group
    SCSI Class
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rbh06.sys
    (Default)
    Driver
Processes Created
  • c:\windows\system32\cmd.exe

download Try Sophos products for free
Download now