Troj/Ransom-OW

Category: Viruses and Spyware
Protection available since: 09 Mar 2013 07:47:37 (GMT)
Type: Trojan
Last Updated: 09 Mar 2013 07:47:37 (GMT)
Prevalence: Small Number of Reports

Troj/Ransom-OW exhibits the following characteristics:

File Information

Size: 93K
SHA-1: 8128e0b2fe0c094be29c79871d4daac10a89d3f8
MD5: e343845066df8c271b5ac095f2d44183
CRC-32: f0eb709e
File type: Windows executable
First seen: 2013-03-09

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 91M
    SHA-1: 7f74ff5d26dda7d52aff7ebb8086767eb1565087
    MD5: b9db2e0c6116389bf6043f68a1df9c16
    CRC-32: bc79e701
    File type: Unspecified binary - probably data
    First seen: 2013-03-09
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size: 740
    SHA-1: d5656a80819602e12a9807c63aab9f780c0de645
    MD5: 96dcbd02da1967bfecbb8240bacbd0d8
    CRC-32: 8a7ad022
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-03-09
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size: 2.4K
    SHA-1: 793977c2d5ea4834c4741af9aa58369406504ae7
    MD5: 4f4ccbf6cdcd37d863d21553635089dc
    CRC-32: 250f23fb
    File type: JavaScript
    First seen: 2013-01-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500 = 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
IP Connections
  • 146.185.236.194:443
  • 146.185.236.194:80
  • 66.197.217.85:443
DNS Requests
  • whatwillber.com
