Troj/Reconyc-A

Category: Viruses and Spyware
Protection available since: 24 Apr 2014 13:41:34 (GMT)
Type: Trojan
Last Updated: 09 May 2014 16:13:41 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Reconyc-A include:

Example 1

File Information

Size: 106K
SHA-1: ba937ad38479e6e795222a2df7f87eaaa5aebadc
MD5: 0c184f35844b6658d3effaa390bdf42f
CRC-32: 531c1d92
File type: Windows executable
First seen: 2014-04-23

Other vendor detection

Avira: TR/Dropper.MSIL.37833

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\cnki
  • c:\Documents and Settings\test user\Application Data\cnki1
  • c:\Documents and Settings\test user\Application Data\obxk\04-24-2014-10.38.41.dat
    Size: 794
    SHA-1: ddaac86ebdd834fc44daff90f50506225f87a75d
    MD5: 4a7e407c80e4634844a0588013d11596
    CRC-32: 937bd7f7
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2014-04-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    c6f06c915d934f668c955981abef22ac
    c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svchost\svchost.exe
HTTP Requests
  • http://bot.whatismyipaddress.com/
DNS Requests
  • bot.whatismyipaddress.com
  • mail.ahliatradings.com

Example 2

File Information

Size: 105K
SHA-1: 0d55ee3c5d9f920156b7fd0741480955e5edf1b7
MD5: 40275f7c50036f8c247c3ebc96d9ba93
CRC-32: b9091369
File type: Windows executable
First seen: 2014-04-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\rdokl1
  • c:\Documents and Settings\test user\Application Data\elek\04-22-2014-17.34.40.dat
    Size: 796
    SHA-1: 9b0a4d85bd0296d1f2aa7021656f78573a6018b4
    MD5: 41bb22d390da9736bbb82b61efc1c386
    CRC-32: b117b448
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2014-04-22
  • c:\Documents and Settings\test user\Application Data\rdokl
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    5be4206931c9408aa993d186b408dd34
    c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svchost\svchost.exe
HTTP Requests
  • http://bot.whatismyipaddress.com/
DNS Requests
  • bot.whatismyipaddress.com
  • rocnationspamz.allalla.com

Example 3

File Information

Size: 105K
SHA-1: 2f88f34631201521ba3abaa6798232092a692dfd
MD5: 77a221f3590f9068ddc717df1d8f333b
CRC-32: 856794ad
File type: Windows executable
First seen: 2014-05-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\jfoj1
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    3e280aedf1e04734baf50fd0156eeb58
    c:\Documents and Settings\test user\Application Data\svchost\svchost.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svchost\svchost.exe
HTTP Requests
  • http://bot.whatismyipaddress.com/
DNS Requests
  • bot.whatismyipaddress.com
  • mail.ahliatradings.com
