Troj/Reveton-CD

Category: Viruses and Spyware
Protection available since: 04 Mar 2013 14:30:42 (GMT)
Type: Trojan
Last Updated: 04 Mar 2013 14:30:42 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Reveton-CD include:

Example 1

File Information

Size: 740
SHA-1: 744d3782bf4bbae46ec08a0e7d9bfd90c971d8aa
MD5: ff0e99787aa4b229b1234b6cce81e0a4
CRC-32: ab018789
File type: Windows Shortcut file (.LNK)
First seen: 2013-03-04

Example 2

File Information

Size: 96K
SHA-1: 7e36c3ba17c5f0f85548d81e6b4b6e5789191d0f
MD5: d3d0ad64748e5263ddbfeea9c5a972d0
CRC-32: 87dcc96e
File type: Windows executable
First seen: 2013-03-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size: 740
    SHA-1: 744d3782bf4bbae46ec08a0e7d9bfd90c971d8aa
    MD5: ff0e99787aa4b229b1234b6cce81e0a4
    CRC-32: ab018789
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-03-04
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size: 2.4K
    SHA-1: 793977c2d5ea4834c4741af9aa58369406504ae7
    MD5: 4f4ccbf6cdcd37d863d21553635089dc
    CRC-32: 250f23fb
    File type: JavaScript
    First seen: 2013-01-24
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 91M
    SHA-1: ff1f49bdb798ad020a13844e15fb092695ce2201
    MD5: 2f3bf9cfcd89b6dbfd5f82c9736c8801
    CRC-32: fe2d3fd0
    File type: Unspecified binary - probably data
    First seen: 2013-03-04
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500: 0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner: 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500: 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500: 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609: 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609: 0x00000000
IP Connections
  • 66.197.196.117:80
