Troj/Ransom-KP

Category: Viruses and Spyware
Protection available since: 27 Nov 2012 07:11:43 (GMT)
Type: Trojan
Last Updated: 27 Nov 2012 07:11:43 (GMT)
Prevalence: Small Number of Reports


Troj/Ransom-KP exhibits the following characteristics:

File Information

Size: 137K
SHA-1: fd80e02a3b6899514b9e82a9bc81eec21cc8fcf8
MD5: f8f005037c69d7510fbf59926dde896c
CRC-32: e1962d09
File type: Windows executable
First seen: 2012-08-30

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\lsass.exe
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 91M
    SHA-1: 3e443be4f535f2d40f98e507947d387de2bd47f4
    MD5: db5741447c15ab80acb83693a6dd01d1
    CRC-32: b4daee3d
    File type: Unspecified binary - probably data
    First seen: 2012-11-27
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\ctfmon.lnk
    Size: 990
    SHA-1: 8a036db60c9fff77adcf091c20d5420d6d5f46ca
    MD5: c06061a3a3b676da3dbfec0cefb004b2
    CRC-32: 09b225a6
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-11-27
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
IP Connections
  • 146.185.255.219:443
  • 66.197.250.229:443
  • 66.197.250.229:80
DNS Requests
  • whatwillber.com
