Troj/Reveton-BA exhibits the following characteristics:
File Information
- Size: 249K
- SHA-1: 396ecb3fce51b258455db0d60f2e254d75857345
- MD5: 95334e97bf0c0bc7cc1e396a05d8dbe1
- CRC-32: d96db793
- File type: Windows executable
- First seen: 2012-12-08
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
  - Size: 740
  - SHA-1: 636f22b1eaa47407e295a8d300ad64f5fc3aee7a
  - MD5: 0743b089410094b4ace2ec78d6994c7f
  - CRC-32: 165992c2
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-08
- C:\Documents and Settings\All Users\Application Data\elpmas.pad
  - Size: 91M
  - SHA-1: 64982683b0db16f4c3fcf8b196d43fdf21923d95
  - MD5: 7b93c06cc87b99a28d145272c7571d9c
  - CRC-32: e391b8d0
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-08
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\Main
  - NoProtectedModeBanner: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 2500: 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
IP Connections