Examples of Troj/Rerol-A include:
Example 1
File Information
- Size: 16K
- SHA-1: 53fbfb28413b16a3dfc69798560fb24c3a0c58dc
- MD5: 5e2360a8c4a0cce1ae22919d8bff49fd
- CRC-32: 3e962ad1
- File type: Windows executable
- First seen: 2014-04-28
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\test_item.exe
Dropped Files
- C:\WINDOWS\system32\mfidmdi.dll
- c:\Documents and Settings\test user\Local Settings\Temp\explorer.exe
  - Size: 77K
  - SHA-1: 2a2390f5280c8c2499eecdef7ea77620ca961c67
  - MD5: e7dc3bbe8b38b7ee0e797a0e27635cfa
  - CRC-32: bb928f2c
  - File type: Windows executable
  - First seen: 2014-04-16
- C:\WINDOWS\system32\khuvaxu.exe
  - Size: 77K
  - SHA-1: 2a2390f5280c8c2499eecdef7ea77620ca961c67
  - MD5: e7dc3bbe8b38b7ee0e797a0e27635cfa
  - CRC-32: bb928f2c
  - File type: Windows executable
  - First seen: 2014-04-16
Registry Keys Created
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
  - load: c:\windows\system32\khuvaxu.exe
Registry Keys Modified
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  - Shell: Explorer.exe,C:\DOCUME~1\support\APPLIC~1\test_item.exe,
Processes Created
- c:\docume~1\support\locals~1\temp\explorer.exe
- c:\windows\system32\cmd.exe
DNS Requests
- sop.avstore.com.tw
- sophos.skypetm.com.tw
Example 2
File Information
- File type: Windows executable
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\test_item.exe
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  - Userinit: C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\support\APPLIC~1\test_item.exe,
Processes Created
- c:\windows\system32\cmd.exe
DNS Requests
Example 3
File Information
- File type: Windows executable
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\KAVUpdate.exe
Processes Created
- c:\windows\system32\cmd.exe
IP Connections