Troj/Ransom-QN

Category: Viruses and Spyware
Protection available since: 05 Apr 2013 15:56:52 (GMT)
Type: Trojan
Last Updated: 05 Apr 2013 15:56:52 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Ransom-QN include:

Example 1

File Information

Size: 4.8M
SHA-1: 8555809cfb9bd7884e30ed6ad0491986dbb7c1d0
MD5: b442a78dcc677046e91a9d855a9821e8
CRC-32: eb917068
File type: Windows executable
First seen: 2013-04-05

Example 2

File Information

Size: 387K
SHA-1: cc3cdc3a79689c61370827466bd1fa44ce1773f3
MD5: 322bc1ddf691b8a9f7815ac1f4b9e9b7
CRC-32: 3f6ebb40
File type: Windows executable
First seen: 2013-04-01

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\{23E45463-726A-0AEE-7652-F20A3F25D914}.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *EvtMgr6
    "c:\Documents and Settings\test user\Application Data\{23E45463-726A-0AEE-7652-F20A3F25D914}.exe"
  • HKCU\Software\Microsoft
    VersionInfo
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    "c:\Documents and Settings\test user\Application Data\{23E45463-726A-0AEE-7652-F20A3F25D914}.exe" /nr
Processes Created
  • c:\Documents and Settings\test user\application data\{23e45463-726a-0aee-7652-f20a3f25d914}.exe
IP Connections
  • 46.165.240.142:80
DNS Requests
