Troj/Ransom-MC

Category: Viruses and Spyware
Protection available since: 11 Jan 2013 04:23:31 (GMT)
Type: Trojan
Last Updated: 21 Jan 2013 23:38:43 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Ransom-MC include:

Example 1

File Information

Size
144K
SHA-1
4746486d91d1a94cd76415b6e1e52bc96dc9fe9e
MD5
d28964c1f895c8edcb613f8b2cb5d051
CRC-32
10faff6a
File type
Windows executable
First seen
2013-01-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size
    740
    SHA-1
    5cd04bdd6c0248bccd375625e9fa5f413bee4a40
    MD5
    4a4bd26493e55d7eb2fcc8660dda24e8
    CRC-32
    18ee64fe
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-01-10
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size
    2.4K
    SHA-1
    8ee4bff2fd557efb4f54333291d53e29c25b7658
    MD5
    f401340119e2ee08feab6563955c783b
    CRC-32
    dfc09537
    File type
    JavaScript
    First seen
    2012-12-22
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size
    91M
    SHA-1
    c920fdb2c503c6f1d55f059459e589d260cf56e9
    MD5
    be212e4495146c4dd1f7846a408d953c
    CRC-32
    3130ecd2
    File type
    Unspecified binary - probably data
    First seen
    2013-01-10
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
IP Connections
  • 31.44.184.55:80

Example 2

File Information

Size
140K
SHA-1
a75fee8ad428e8f0cd357422aea175e4664ae5f8
MD5
189711e590217d54b24877574683d73e
CRC-32
87e0ac97
File type
Windows executable
First seen
2013-01-12

Example 3

File Information

Size
144K
SHA-1
e8b603ddff2e5947d598147b99bebf3220579b16
MD5
0f6aaace6733771cf0e988d5e767b08c
CRC-32
2f9a7647
File type
Windows executable
First seen
2013-01-10

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size
    740
    SHA-1
    2987fdf9a1640ba71c799916149c97e2f6ac6c3e
    MD5
    b129ca09a383e57ba60e667a5b6092b7
    CRC-32
    7876eb33
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-01-10
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size
    91M
    SHA-1
    1e542097e2607692e6b84e3a5e966a250a83b54d
    MD5
    fd39b209258883a7d10929997feae4de
    CRC-32
    1e2d23a9
    File type
    Unspecified binary - probably data
    First seen
    2013-01-10
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size
    2.4K
    SHA-1
    8ee4bff2fd557efb4f54333291d53e29c25b7658
    MD5
    f401340119e2ee08feab6563955c783b
    CRC-32
    dfc09537
    File type
    JavaScript
    First seen
    2012-12-22
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
IP Connections
  • 199.255.236.252:80
