Troj/Reveton-BO exhibits the following characteristics:
File Information
- Size: 228K
- SHA-1: 6db189695a89ac4dd52baa8bbb65400211d4c5c0
- MD5: 79d4270521a71e2361f6c4fceb55cb0c
- CRC-32: ee896c66
- File type: Windows executable
- First seen: 2012-09-09
Other vendor detection
- Trend: PAK_Generic.012
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
  - Size: 740
  - SHA-1: 7ce38352eb690dcb4a35086a94fd2bd258d7327d
  - MD5: 23a2d29d88e2e1d0046e6cee50e0411d
  - CRC-32: a39b5ecd
  - File type: Windows Shortcut file (.LNK)
  - First seen: 2012-12-08
- C:\Documents and Settings\All Users\Application Data\elpmas.pad
  - Size: 91M
  - SHA-1: 19f89e002758d14becace14f69640ec849c56214
  - MD5: 99068cc2980b84286a158511629cc680
  - CRC-32: ce00e293
  - File type: Unspecified binary - probably data
  - First seen: 2012-12-08
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 2500: 0x00000003
- HKCU\Software\Microsoft\Internet Explorer\Main
  - NoProtectedModeBanner: 0x00000001
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
IP Connections