Troj/Ramnit-EF

Category: Viruses and Spyware
Protection available since: 21 Dec 2013 12:08:05 (GMT)
Type: Trojan
Last Updated: 21 Dec 2013 12:08:05 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Ramnit-EF include:

Example 1

File Information

Size: 340K
SHA-1: 5f0fe368cf988f40aafd11a2684346eba94673ed
MD5: a012ffc16c5ced99a3e4919af760a7cf
CRC-32: 53d41a31
File type: Windows executable
First seen: 2013-11-25

Other vendor detection

Avira: TR/Rogue.1422298

Example 2

File Information

Size: 340K
SHA-1: dfffb33595a1650e4194069523c49ee4051f5526
MD5: 91d83ac111fd3013353c71bf453bad85
CRC-32: f754c653
File type: Windows executable
First seen: 2013-11-25

Runtime Analysis

Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Ohpay
    "c:\Documents and Settings\test user\Application Data\Vopok\ohpay.exe"
  • HKCU\Software\Microsoft\Xifoixj
    ig414c4
Processes Created
  • c:\Documents and Settings\test user\application data\vopok\ohpay.exe
  • c:\windows\system32\cmd.exe
IP Connections