Troj/Ransom-OB

Category: Viruses and Spyware
Type: Trojan
Protection available since: 15 Feb 2013 09:54:09 (GMT)
Last Updated: 15 Feb 2013 09:54:09 (GMT)
Prevalence: Small Number of Reports

Troj/Ransom-OB exhibits the following characteristics:

File Information

Size: 451K
SHA-1: 9c0f61927e24665871cd62b1433e8f595666462a
MD5: 216b9fff584b39ae9214298c220fdedb
CRC-32: 52d229dc
File type: Windows executable
First seen: 2013-02-15

Other vendor detection

Avira: TR/ATRAPS.Gen
Kaspersky: Trojan-Ransom.Win32.Birele.mby

Runtime Analysis

Registry Keys Created (each entry lists the key, then the value name, then the value data)
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Sophos Client Firewall
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NDIS Wrapper
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\vds
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Sophos Client Firewall Manager
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\vgasave.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetDDEGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\tdtcp.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\vgasave.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
    (Default)
    Volume shadow copy
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetBIOS
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\LanmanWorkstation
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E972-E325-11CE-BFC1-08002BE10318}
    (Default)
    Net
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E974-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetService
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\ip6fw.sys
    (Default)
    Driver
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    test_item.exe
    c:\test_item.exe
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NDIS
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\SharedAccess
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Network
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\AFD
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\DnsCache
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NtLmSsp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\WZCSVC
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Ndisuio
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetBT
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\rdsessmgr
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Browser
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E973-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetClient
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Dhcp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\PNP_TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Tcpip
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E975-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetTrans
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\LanmanServer
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\rdpwd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\tdpipe.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetworkProvider
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetBIOSGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\termservice
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\LmHosts
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Messenger
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Streams Drivers
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\ipnat.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\NetMan
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\rdpcdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\rdpdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M\Filter
    (Default)
    Driver Group
Registry Keys Modified (key, value name, value data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden
    0x00000002
Processes Created
  • c:\windows\explorer.exe