Troj/Reverton-E

Category: Viruses and Spyware
Type: Trojan
Protection available since: 16 Aug 2012 05:16:14 (GMT)
Last Updated: 16 Aug 2012 05:16:14 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Reverton-E include:

Example 1

File Information

Size
56K
SHA-1
5ebbd75c1e890c02ebd22b78ed3f33475ea4700f
MD5
bb9653393ddf71d97bb620cb7ad97ff5
CRC-32
9898e92a
File type
Windows executable
First seen
2012-08-15

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\owmhfbvrpesrqbv
    Size
    40
    SHA-1
    291b62647bfd131f2ceed0c13f784be11f255a69
    MD5
    c641d146510cd0239ef658027176102c
    CRC-32
    7d04eed5
    File type
    Unspecified binary - probably data
    First seen
    2012-06-21
DNS Requests
  • extasy.miriellographico.com
  • fiednurfnflm4o3r4fmnsid-33773.info

Example 2

File Information

Size
548K
SHA-1
f45debfac1961865373fdf624e79384fa3b9b115
MD5
249419262b92af873d4f75f067c46a7c
CRC-32
fc0bbc6b
File type
Windows executable
First seen
2012-08-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\ctfmon.lnk
    Size
    1.6K
    SHA-1
    5854e276b0d4feb92e373ee568c66a5f7240153d
    MD5
    f883412713d025a86052b5cc3f802f7f
    CRC-32
    ebb82826
    File type
    Windows Shortcut file (.LNK)
    First seen
    2012-08-15
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size
    4.3M
    SHA-1
    465a5cd23371106eaaf2c316d031e956de503ee9
    MD5
    243ee52c5067adb9eb2f61755d325dfb
    CRC-32
    23779c7a
    File type
    Unspecified binary - probably data
    First seen
    2012-08-15
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
IP Connections
  • 146.185.255.194:80