Troj/Ramnit-DW

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 04 Oct 2013 22:04:31 (GMT)
Last Updated: 04 Oct 2013 22:04:31 (GMT)


Examples of Troj/Ramnit-DW include:

Example 1

File Information

Size: 192K
SHA-1: 3d08a70ff2bd8c4c8a1484c6983b2ce0783a06c4
MD5: 1dfaed8bea26c2d20a67ffe04190f3eb
CRC-32: 663c4784
File type: Windows executable
First seen: 2013-08-03

Other vendor detection

Avira: DR/Delphi.Gen

Example 2

File Information

Size: 118K
SHA-1: 5cc9835e67c10af03dcd7c20f5cdb5b923d8f55c
MD5: 494ed261c72af32ecb9ae0f2210071a8
CRC-32: 0c4d9919
File type: Windows executable
First seen: 2013-04-18

Other vendor detection

Avira: TR/Ransom.Blocker.byhp

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SpoQcxma
    c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\kujleaog.exe
  • c:\windows\system32\svchost.exe
DNS Requests
  • aaofigjtpewjjcxu.com
  • amyyyawmowgdkmvwky.com
  • anlctniyumgaobm.com
  • aqoobqfiek.com
  • arwlvnouqen.com
  • aumvvwsymisdi.com
  • autdnsalmkwcure.com
  • avsmelgvnitlfbp.com
  • bbehgvwngdrw.com
  • bgyybqjkkvygigfa.com
  • bhwtanaalssy.com
  • bkfrypgyhl.com
  • bkksrnlwwqjowkdcd.com
  • boarxvie.com
  • brxewdjvvyst.com
  • bsamfgfrqgwol.com
  • bsnxxxjusidlhb.com
  • btfeltpqjporbsjd.com
  • bujgjpkdmonoheo.com
  • bwssmossronheqybf.com
  • cbxmgghmpkyuub.com
  • ccocfrsdggihuue.com
  • cfrdpbdhs.com
  • cfurumcdbeurv.com
  • cnyckdhkocdbps.com
  • cohqwnfxudn.com
  • cpuphhnsmyjacwqpsi.com
  • ctnqhryasecruqux.com
  • derdpawup.com
  • dffdwmapewrb.com
  • dgdvkuuptldoiis.com
  • dgfjklnqadhsqndf.com
  • djhmwplvppmrjm.com
  • djsllpvn.com
  • dltkwvcpabt.com
  • dqyumiqslaemuixxak.com
  • dtksryyl.com
  • dtpwxphwedfrlcpy.com
  • dxemyhpdelyjvdjlrij.com
  • eawuiywstvpc.com
  • ebhiubabsnpja.com
  • ebolkpdokgjpn.com
  • eihxsgiayptoowavlw.com
  • eilfhjoarqaatxjgv.com
  • ejcfigtgsjv.com
  • enrknkmmosror.com
  • eqjwtdqtsyh.com
  • eqvqqecctnqvurlshao.com
  • evkrpsfpujijytoa.com
  • exiefwmpaed.com
  • fevsvfqjneg.com
  • ffjryhypygps.com
  • fhehhtscqnsserdoan.com
  • fiforremlbd.com
  • fkrgyshmfenygtymhxh.com
  • fnkyvsbhqclyqtdfwl.com
  • fplqgyjmyglqqdly.com
  • fredsxgdbevcdt.com
  • fwdxfjwyyrsq.com
  • gbxmihgybo.com
  • gerbowwunfkxht.com
  • gfgmuuntqjgfjxlao.com
  • gmfjgxfqxxsmaqm.com
  • gmssfugko.com
  • gndavhihbdo.com
  • google.com
  • gsruftijmyinejj.com
  • hfmjnhngo.com
  • hgdkykbkaboh.com
  • hojduunoafxlrj.com
  • howhkddhnlrygqdh.com
  • hpbiyuedv.com
  • hwhircxjokhwxuplfr.com
  • hwjbxbqwgtlkvgu.com
  • iasglynksxtd.com
  • ifjbcecnjwxjjwk.com
  • igoenjooluspcljm.com
  • ilrouimjcrunbatw.com
  • impirojqgxxow.com
  • ivtymaxod.com
  • iwdkogqhwchjkjd.com
  • jgxmmedh.com
  • jhlcqawikxuuqh.com
  • jmjxkbpyafdu.com
  • jpvxosgafxjqvaga.com
  • jshrdldj.com
  • juorvtdewntft.com
  • kpxxppydhnhieswds.com
  • krviprhrymwnkddomby.com
  • ktqcoarhgwrnvqet.com
  • kxknyqvibh.com
  • lhsrajthcwjfswjn.com
  • lqmqegcntbsk.com
  • luyglxdp.com
  • lxsovsrlvufyvndmyy.com
  • lxuwqraxfcapbqtep.com
  • mbrujdgwgoplwxelfyk.com
  • mbrvcftevl.com
  • mbtqwwpqvvtty.com
  • mcycgywvtjxxfwsqbhv.com
  • mkjadokmghlh.com
  • mkycijuxcbljwswkibo.com
  • mmrjevpdwagcg.com
  • mvpclnwqqfngrsa.com
  • mxalvagxogrijm.com
  • nexefwfbmkbvmf.com
  • nhqaysoip.com
  • nkeccmfkqpeogccfx.com
  • nnfsoxqcfrulntvgq.com
  • nohfjatkyvdgprrwjn.com
  • nvilojhhbmy.com
  • nyyanylgruufnycdi.com
  • ocusetndgk.com
  • oeneqxfxvmnnnsnlttt.com
  • ohsfkvxiqvmaldifexr.com
  • oodrgeqkkpbpcd.com
  • oqbefuwe.com
  • otckffhqff.com
  • otpptynobjj.com
  • oxolysctsiusyxxfx.com
  • pcgsmaigc.com
  • pfvwtjuoph.com
  • pkduyobjwceutblvkgs.com
  • pvrhawtmklrvxqfaeb.com
  • pwhxxoveiduwg.com
  • pyqdetknrcinuankpaa.com
  • qfvbufuv.com
  • qhvcsnorqlltplomjsh.com
  • qikrnbyqkfa.com
  • qorqaawbiqdaboo.com
  • qvkwmsftcmpfivpbhma.com
  • reohksihcxhjj.com
  • rgratulheqob.com
  • rioilaxtoushpqkybt.com
  • rkmdrhjmdmaqawpa.com
  • rlmhvyxom.com
  • rqoqommtxeo.com
  • rtwjnclshiml.com
  • ryijybskuhv.com
  • rypcyxdufabqc.com
  • sdvlqybaetkjbaadd.com
  • skejulkdyxygcnox.com
  • sqehguwnwx.com
  • supqjqbos.com
  • sycndpaccqplk.com
  • sykvfmrbjvj.com
  • taptoockemwisnkgxuc.com
  • tfqxualjqmpeai.com
  • tncjqxakojxrqhhjfvi.com
  • tucuqenbvmlpkpump.com
  • ubqnocmdyghqx.com
  • uchukppcjspuoe.com
  • uflbianoumsitbhyax.com
  • uhjwwedv.com
  • ujdfvnjsbistbokq.com
  • ulvkxwgjcfwhsjrf.com
  • undjshhij.com
  • urxggavrdeebueorhhr.com
  • utkmcpia.com
  • uufclokmifrvjyc.com
  • uxhvvkwjptiupnhdafy.com
  • vccpiijuc.com
  • vggauqitefriixwohwm.com
  • viwdhihsgpoljh.com
  • vmbmmmvmtfjtboi.com
  • vpeuucbo.com
  • vrskqvexnj.com
  • vupkimcu.com
  • wdjwnqiualkbapofta.com
  • wgwnwojfpyq.com
  • whrejlvotltifj.com
  • wnbfoidtgxt.com
  • wrvfcayvtkqnijm.com
  • wshhramk.com
  • wtdueuxjycg.com
  • wtnyjmviftbe.com
  • xflfdregnlmvcwbsusn.com
  • xlkejwpy.com
  • xoognpnlet.com
  • xowdnbnddplwap.com
  • xpdfxltitkw.com
  • xpewktptwgpeupcfy.com
  • xsgsrjoubqe.com
  • xtbmkdsxieiyesusc.com
  • xxsryryvyfvirbp.com
  • xynvoyfkiyljsyimbwy.com
  • yddswrdoohvlgcvjrv.com
  • ygcirnvwyuam.com
  • ygdhcosmyii.com
  • ylxuacgpf.com
  • ynmrfgyyjkpgtugtwo.com
  • yolveoubbqsr.com
  • yonahsqvnlvud.com
  • ypnmjuycalfohjcbb.com
  • ypyylsqpl.com
  • ytpytcambvydsa.com
  • yvrktjohnvdb.com
  • ywjiexgdbsvmko.com
  • ywwmwkegf.com
  • yxpalnqdqbinut.com
  • yyskjkwrlh.com

Example 3

File Information

File type: Windows executable

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\kujleaog.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\tvbjuwht.log
  • C:\Documents and Settings\All Users\Application Data\hwjhsolu.log
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SpoQcxma
    c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\kjwerxdj\spoqcxma.exe
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
Processes Created
  • c:\docume~1\support\locals~1\temp\kujleaog.exe
  • c:\windows\system32\svchost.exe
DNS Requests
  • aaofigjtpewjjcxu.com
  • amyyyawmowgdkmvwky.com
  • anlctniyumgaobm.com
  • aqoobqfiek.com
  • arwlvnouqen.com
  • aumvvwsymisdi.com
  • autdnsalmkwcure.com
  • avsmelgvnitlfbp.com
  • bbehgvwngdrw.com
  • bgyybqjkkvygigfa.com
  • bhwtanaalssy.com
  • bkfrypgyhl.com
  • bkksrnlwwqjowkdcd.com
  • boarxvie.com
  • brxewdjvvyst.com
  • bsamfgfrqgwol.com
  • bsnxxxjusidlhb.com
  • btfeltpqjporbsjd.com
  • bujgjpkdmonoheo.com
  • bwssmossronheqybf.com
  • cbxmgghmpkyuub.com
  • ccocfrsdggihuue.com
  • cfrdpbdhs.com
  • cfurumcdbeurv.com
  • cnyckdhkocdbps.com
  • cohqwnfxudn.com
  • cpuphhnsmyjacwqpsi.com
  • ctnqhryasecruqux.com
  • derdpawup.com
  • dffdwmapewrb.com
  • dgdvkuuptldoiis.com
  • dgfjklnqadhsqndf.com
  • djhmwplvppmrjm.com
  • djsllpvn.com
  • dltkwvcpabt.com
  • dqyumiqslaemuixxak.com
  • dtksryyl.com
  • dtpwxphwedfrlcpy.com
  • dxemyhpdelyjvdjlrij.com
  • eawuiywstvpc.com
  • ebhiubabsnpja.com
  • ebolkpdokgjpn.com
  • eihxsgiayptoowavlw.com
  • eilfhjoarqaatxjgv.com
  • ejcfigtgsjv.com
  • enrknkmmosror.com
  • eqjwtdqtsyh.com
  • eqvqqecctnqvurlshao.com
  • evkrpsfpujijytoa.com
  • exiefwmpaed.com
  • fevsvfqjneg.com
  • ffjryhypygps.com
  • fhehhtscqnsserdoan.com
  • fiforremlbd.com
  • fkrgyshmfenygtymhxh.com
  • fnkyvsbhqclyqtdfwl.com
  • fplqgyjmyglqqdly.com
  • fredsxgdbevcdt.com
  • fwdxfjwyyrsq.com
  • gbxmihgybo.com
  • gerbowwunfkxht.com
  • gfgmuuntqjgfjxlao.com
  • gmfjgxfqxxsmaqm.com
  • gmssfugko.com
  • gndavhihbdo.com
  • google.com
  • gsruftijmyinejj.com
  • hfmjnhngo.com
  • hgdkykbkaboh.com
  • hojduunoafxlrj.com
  • howhkddhnlrygqdh.com
  • hpbiyuedv.com
  • hwhircxjokhwxuplfr.com
  • hwjbxbqwgtlkvgu.com
  • iasglynksxtd.com
  • ifjbcecnjwxjjwk.com
  • igoenjooluspcljm.com
  • ilrouimjcrunbatw.com
  • impirojqgxxow.com
  • ivtymaxod.com
  • iwdkogqhwchjkjd.com
  • jgxmmedh.com
  • jhlcqawikxuuqh.com
  • jmjxkbpyafdu.com
  • jpvxosgafxjqvaga.com
  • jshrdldj.com
  • juorvtdewntft.com
  • kpxxppydhnhieswds.com
  • krviprhrymwnkddomby.com
  • ktqcoarhgwrnvqet.com
  • kxknyqvibh.com
  • lhsrajthcwjfswjn.com
  • lqmqegcntbsk.com
  • luyglxdp.com
  • lxsovsrlvufyvndmyy.com
  • lxuwqraxfcapbqtep.com
  • mbrujdgwgoplwxelfyk.com
  • mbrvcftevl.com
  • mbtqwwpqvvtty.com
  • mcycgywvtjxxfwsqbhv.com
  • mkjadokmghlh.com
  • mkycijuxcbljwswkibo.com
  • mmrjevpdwagcg.com
  • mvpclnwqqfngrsa.com
  • mxalvagxogrijm.com
  • nexefwfbmkbvmf.com
  • nhqaysoip.com
  • nkeccmfkqpeogccfx.com
  • nnfsoxqcfrulntvgq.com
  • nohfjatkyvdgprrwjn.com
  • nvilojhhbmy.com
  • nyyanylgruufnycdi.com
  • ocusetndgk.com
  • oeneqxfxvmnnnsnlttt.com
  • ohsfkvxiqvmaldifexr.com
  • oodrgeqkkpbpcd.com
  • oqbefuwe.com
  • otckffhqff.com
  • otpptynobjj.com
  • oxolysctsiusyxxfx.com
  • pcgsmaigc.com
  • pfvwtjuoph.com
  • pkduyobjwceutblvkgs.com
  • pvrhawtmklrvxqfaeb.com
  • pwhxxoveiduwg.com
  • pyqdetknrcinuankpaa.com
  • qfvbufuv.com
  • qhvcsnorqlltplomjsh.com
  • qikrnbyqkfa.com
  • qorqaawbiqdaboo.com
  • qvkwmsftcmpfivpbhma.com
  • reohksihcxhjj.com
  • rgratulheqob.com
  • rioilaxtoushpqkybt.com
  • rkmdrhjmdmaqawpa.com
  • rlmhvyxom.com
  • rqoqommtxeo.com
  • rtwjnclshiml.com
  • ryijybskuhv.com
  • rypcyxdufabqc.com
  • sdvlqybaetkjbaadd.com
  • skejulkdyxygcnox.com
  • sqehguwnwx.com
  • supqjqbos.com
  • sycndpaccqplk.com
  • sykvfmrbjvj.com
  • taptoockemwisnkgxuc.com
  • tfqxualjqmpeai.com
  • tncjqxakojxrqhhjfvi.com
  • tucuqenbvmlpkpump.com
  • ubqnocmdyghqx.com
  • uchukppcjspuoe.com
  • uflbianoumsitbhyax.com
  • uhjwwedv.com
  • ujdfvnjsbistbokq.com
  • ulvkxwgjcfwhsjrf.com
  • undjshhij.com
  • urxggavrdeebueorhhr.com
  • utkmcpia.com
  • uufclokmifrvjyc.com
  • uxhvvkwjptiupnhdafy.com
  • vccpiijuc.com
  • vggauqitefriixwohwm.com
  • viwdhihsgpoljh.com
  • vmbmmmvmtfjtboi.com
  • vpeuucbo.com
  • vrskqvexnj.com
  • vupkimcu.com
  • wdjwnqiualkbapofta.com
  • wgwnwojfpyq.com
  • whrejlvotltifj.com
  • wnbfoidtgxt.com
  • wrvfcayvtkqnijm.com
  • wshhramk.com
  • wtdueuxjycg.com
  • wtnyjmviftbe.com
  • xflfdregnlmvcwbsusn.com
  • xlkejwpy.com
  • xoognpnlet.com
  • xowdnbnddplwap.com
  • xpdfxltitkw.com
  • xpewktptwgpeupcfy.com
  • xsgsrjoubqe.com
  • xtbmkdsxieiyesusc.com
  • xxsryryvyfvirbp.com
  • xynvoyfkiyljsyimbwy.com
  • yddswrdoohvlgcvjrv.com
  • ygcirnvwyuam.com
  • ygdhcosmyii.com
  • ylxuacgpf.com
  • ynmrfgyyjkpgtugtwo.com
  • yolveoubbqsr.com
  • yonahsqvnlvud.com
  • ypnmjuycalfohjcbb.com
  • ypyylsqpl.com
  • ytpytcambvydsa.com
  • yvrktjohnvdb.com
  • ywjiexgdbsvmko.com
  • ywwmwkegf.com
  • yxpalnqdqbinut.com
  • yyskjkwrlh.com
