Troj/Ransom-KM

Category:	Viruses and Spyware	Protection available since:	22 Nov 2012 17:20:38 (GMT)
Type:	Trojan	Last Updated:	22 Nov 2012 17:20:38 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Ransom-KM exhibits the following characteristics:

File Information

Size: 234K
SHA-1: bebf48db7c2f2a0d6a9353464eccfcc9ed347232
MD5: 1c070e37e062f32599ede2d0a0dab138
CRC-32: 25c89ad7
File type: Windows executable
First seen: 2012-11-22

Runtime Analysis

Dropped Files

C:\Documents and Settings\All Users\Application Data\lsass.exe
c:\Documents and Settings\test user\Start Menu\Programs\Startup\ctfmon.lnk
Size
990
SHA-1
868ea3afc8ef079df84b883f489a5fbb183eab5e
MD5
7bf3582c9a2a3955eca243bec9a07448
CRC-32
ef17d7be
File type
Windows Shortcut file (.LNK)
First seen
2012-11-22
C:\Documents and Settings\All Users\Application Data\elpmas.pad
Size
91M
SHA-1
d15c6a271c888ead6254a4e0c7cfe5b0bc2d3e56
MD5
48c4209feb7f844b25989c34cc94e295
CRC-32
825aa149
File type
Unspecified binary - probably data
First seen
2012-11-22

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
2500
0x00000003
HKCU\Software\Microsoft\Internet Explorer\Main
NoProtectedModeBanner
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
2500
0x00000003
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
2500
0x00000003

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000

IP Connections

31.44.184.134:443
66.197.250.229:80

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Ransom-KM

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

IP Connections

Free Mac Anti-Virus

Popular topics