Troj/Reveton-BE exhibits the following characteristics:
File Information
- Size: 188K
- SHA-1: 51c2548c42dd240f810eec1611f07b75ffe1cf1a
- MD5: 56d2562710bf8bb89c4b866183006b63
- CRC-32: 54dcbc83
- File type: Windows executable
- First seen: 2012-07-05
Runtime Analysis
Dropped Files
- C:\Documents and Settings\All Users\Application Data\elpmas.pad
  - Size: 91M
  - SHA-1: 2a473e3533730e9fef92b620c16a3a258681f7b2
  - MD5: 1537105830c6653c02ea61ca897b8018
  - CRC-32: 88ac1565
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-11
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
  - Size: 740
  - SHA-1: 50f9fa161db40c22225fa6979a4a531c7efad9bc
  - MD5: 8cefafd89a68d89d442229e72e9f3c91
  - CRC-32: 878ba899
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-11
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\Main
  - NoProtectedModeBanner: 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 2500: 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
IP Connections