Troj/Ransom-QA

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 27 Mar 2013 05:32:05 (GMT)
Last Updated: 03 Jul 2013 01:12:16 (GMT)


Examples of Troj/Ransom-QA include:

Example 1

File Information

Size: 56K
SHA-1: 007b7eba0aea57700f4f44029a59656e339ef83f
MD5: 48afa73c3d54f7b074f66bf87fdccf2d
CRC-32: a6155927
File type: Windows executable
First seen: 2013-03-18

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Sophos Client Firewall
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetService
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MigAutoPlay
    "C:\Documents and Settings\All Users\Application Data\MigAutoPlay.exe"
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetTrans
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetClient
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    DNS
    c:\test_item.exe
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
    (Default)
    Volume shadow copy
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318}
    (Default)
    Net
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Sophos Client Firewall Manager
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
Processes Created
  • c:\windows\system32\svchost.exe

Example 2

File Information

Size: 132K
SHA-1: 0192cf9ed3fb2d888ac38a19e007bf6fbf2b4e0b
MD5: a40fc6992a91c1cce0b6519fc35e50a9
CRC-32: 0d57ef76
File type: Windows executable
First seen: 2013-05-03

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318}
    (Default)
    Net
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318}
    (Default)
    System
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    DisplaySwitch
    "C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe"
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetTrans
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Sophos Client Firewall Manager
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SAVService
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318}
    (Default)
    Floppy disk drive
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    (Default)
    Hdc
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
    (Default)
    Volume shadow copy
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetClient
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys
    (Default)
    Driver
  • HKCU\Software\Microsoft\Windows\CurrentVersion
    MicroSoftTmp
    c:\test_item.exe
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys
    (Default)
    FSFilter System Recovery
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318}
    (Default)
    Keyboard
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Sophos Client Firewall
    (Default)
    service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
    (Default)
    Human Interface Devices
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318}
    (Default)
    Standard floppy disk controller
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318}
    (Default)
    PCMCIA Adapters
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318}
    (Default)
    Mouse
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
    (Default)
    Volume
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys
    (Default)
    Driver
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI
    (Default)
    Driver Group
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318}
    (Default)
    SCSIAdapter
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000}
    (Default)
    Universal Serial Bus controllers
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318}
    (Default)
    NetService
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt
    (Default)
    Service
  • HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys
    (Default)
    Driver
Processes Created
  • c:\windows\system32\svchost.exe

Example 3

File Information

Size: 159K
SHA-1: 02e8524948c6828d7960f3cc6a12678aa438c160
MD5: 61735c8dfcc4a696d83e165938a52a8e
CRC-32: ab88445f
File type: Windows executable
First seen: 2013-06-27

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\gldoco.dat
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\ocodlg.js
    Size: 3.1K
    SHA-1: 6f0a9477478056ff40bd14120697efb7fcca9fd1
    MD5: 082a6ae7900b374e0617178bb5475098
    CRC-32: 76b1fffe
    File type: JavaScript
    First seen: 2013-06-27
  • c:\Documents and Settings\test user\Local Settings\Temp\tratra.lnk
    Size: 790
    SHA-1: b11ed57f2b7f217497c28ab8adbb1d3eb59d3c7f
    MD5: 5a5ed02b2f6d38412babaa3b0dbe3d1c
    CRC-32: cb2d7b4a
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-06-27
  • C:\Documents and Settings\All Users\Application Data\ocodlg.pad
    Size: 91M
    SHA-1: 8eeabe1aa165e1b26a8d7a0b084a335d505bb707
    MD5: f7421c028cfd11606703f30ac6ed822f
    CRC-32: f0eac81b
    File type: Unspecified binary - probably data
    First seen: 2013-06-27
  • C:\Documents and Settings\All Users\Application Data\sdaksda.txt
    Size: 790
    SHA-1: b11ed57f2b7f217497c28ab8adbb1d3eb59d3c7f
    MD5: 5a5ed02b2f6d38412babaa3b0dbe3d1c
    CRC-32: cb2d7b4a
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-06-27
  • C:\Documents and Settings\All Users\Application Data\rundll32.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\regmonstd.lnk
    Size: 790
    SHA-1: b11ed57f2b7f217497c28ab8adbb1d3eb59d3c7f
    MD5: 5a5ed02b2f6d38412babaa3b0dbe3d1c
    CRC-32: cb2d7b4a
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-06-27
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon32.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\gldoco.dat,XFG00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\docume~1\alluse~1\applic~1\rundll32.exe
IP Connections
  • 37.139.53.169:80
