Troj/Rebhip-AO exhibits the following characteristics:
File Information
- Size: 7.2M
- SHA-1: 0e71270f2778748fb1e82ca39906c525df89c1c7
- MD5: fb9eb186b10f8a005cb904537bd0b009
- CRC-32: 73272e18
- File type: application/x-ms-dos-executable
- First seen: 2012-12-29
Other vendor detection
- Avira: TR/Dropper.Gen
Runtime Analysis
Copies Itself To
- C:\Program Files\Defender WIndows\csrss.exe
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\support7
  - Size: 8
  - SHA-1: a56dec14ccfda31c88442d963a5a875a9b87ff62
  - MD5: 9bbd9b7011947e28aa78da7f0e76ec40
  - CRC-32: 933ede85
  - File type: application/octet-stream
  - First seen: 2012-12-29
- c:\Documents and Settings\test user\Application Data\supportv1.18.0 - Trial versionlog.dat
- c:\Documents and Settings\test user\Local Settings\Temp\support8
  - Size: 8
  - SHA-1: 3d02e58155695d0c651075f9376c1cc6050cb5ce
  - MD5: e2ad48d13caa059a68cd57e4930d362f
  - CRC-32: f3f95760
  - File type: ASCII text / 8-bit Unicode Transformation Format
  - First seen: 2012-07-19
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0V75MO1M-52B0-JM4F-3U3F-402AF4668HWG}
  - StubPath: C:\Program Files\Defender WIndows\csrss.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  - Defender WIndows: C:\Program Files\Defender WIndows\csrss.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Defender WIndows: C:\Program Files\Defender WIndows\csrss.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - Defender WIndows: C:\Program Files\Defender WIndows\csrss.exe
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  - Defender WIndows: C:\Program Files\Defender WIndows\csrss.exe
- HKCU\Software\2205
  - FirstExecution: 29/12/2012 -- 18:08
DNS Requests