Troj/Shiz-AW

Category: Viruses and Spyware
Protection available since: 19 Sep 2013 16:44:30 (GMT)
Type: Trojan
Last Updated: 19 Sep 2013 16:44:30 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Shiz-AW include:

Example 1

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\agsjdnp.exe
    Size
    250K
    SHA-1
    660f6fe7c0ca918548bfac65df7bc2d953f901c2
    MD5
    ed5760ea4b96b6860786c4ae9128e1d0
    CRC-32
    ba357fa2
    File type
    Windows executable
    First seen
    2013-09-18
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\agsjdnp.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\agsjdnp.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\agsjdnp.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\agsjdnp.exe,
DNS Requests

Example 2

File Information

Size
250K
SHA-1
04b24bc0aec8c5a3b2d4fa9cb1b68e0c7d31492e
MD5
68aaff2283e8a973ef63fbbe3c77afb9
CRC-32
2571cde5
File type
Windows executable
First seen
2012-07-30

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\xqgfvm.exe
    Size
    250K
    SHA-1
    fcea404d9d752e594a835915516719421568ef6f
    MD5
    86786003a9e92b54f347f7f7654528c4
    CRC-32
    f07177e6
    File type
    Windows executable
    First seen
    2013-09-18
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\xqgfvm.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\xqgfvm.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\xqgfvm.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\xqgfvm.exe,
DNS Requests

Example 3

File Information

File type
Windows executable

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\ulkiutp.exe
    Size
    250K
    SHA-1
    736ec32fd438fb024c998307e06eba314fc104e7
    MD5
    32691a861666c6afb5c4b9ecd3b7bb2d
    CRC-32
    151262c0
    File type
    Windows executable
    First seen
    2013-09-18
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\ulkiutp.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\ulkiutp.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\ulkiutp.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
    (binary data)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\ulkiutp.exe,
DNS Requests
