Troj/Ramnit-CX

Category: Viruses and Spyware
Protection available since: 07 Apr 2013 06:12:00 (GMT)
Type: Trojan
Last Updated: 07 Apr 2013 06:12:00 (GMT)
Prevalence: Small Number of Reports


Troj/Ramnit-CX exhibits the following characteristics:

File Information

Size: 97K
SHA-1: 630ebe6fa1bd6f213dc57a4c5a332dd69c9b6a9f
MD5: 8ac77b94f46617027b2b5b7c86cfd3e0
CRC-32: b11bb107
File type: Windows executable
First seen: 2013-04-06

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\kujleaog.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\tvbjuwht.log
    Size: 28
    SHA-1: 68052877f205a187dc1e6c8a907138b727918cfc
    MD5: ce1027873f419666cc2e5c71379dc4db
    CRC-32: 6c074a60
    File type: Unspecified binary - probably data
    First seen: 2013-04-06
  • C:\Documents and Settings\All Users\Application Data\hwjhsolu.log
    Size: 64
    SHA-1: edd17e4d15e5779efe27c04c2bdf3077d335d0a3
    MD5: de2c5b6c50f5e05dff644959ff5b097c
    CRC-32: 717350f2
    File type: Base64 encoded
    First seen: 2012-06-01
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Security
    Security: (binary data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA: 0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify: 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SpoQcxma: c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service
    DeleteFlag: 0x00000001
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit: C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions: 0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start: 0x00000004
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride: 0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\kujleaog.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
DNS Requests
