Troj/Ransom-SF

Category: Viruses and Spyware Protection available since:23 Apr 2013 05:46:51 (GMT)
Type: Trojan Last Updated:23 Apr 2013 05:46:51 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Ransom-SF include:

Example 1

File Information

Size
126K
SHA-1
b81cbfd603c22234978970a1605374629fd73469
MD5
94e2c17b24fe613b2180020449dd3839
CRC-32
62ddcc50
File type
Windows executable
First seen
2012-07-08

Example 2

File Information

Size
300K
SHA-1
df8a9f85b32cd175e3e844ca2f8ae8e71fe32ca6
MD5
e0df71a125a5947ac367c2d16d0fd37b
CRC-32
9eac8b96
File type
Windows executable
First seen
2011-06-27

Example 3

File Information

Size
75K
SHA-1
6391d893405da81345f01a0f111edd1d062aab77
MD5
e87101ecfd8585f82d75e1097f24fb6b
CRC-32
adbecf97
File type
Windows executable
First seen
2013-04-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\skype.dat
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    explorer.exe,c:\Documents and Settings\test user\Application Data\skype.dat
Processes Created
  • c:\windows\system32\svchost.exe

download Try Sophos products for free
Download now