Troj/Shiz-AX

Category: Viruses and Spyware
Protection available since: 19 Sep 2013 16:44:30 (GMT)
Type: Trojan
Last Updated: 19 Sep 2013 16:44:30 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Shiz-AX include:

Example 1

File Information

Size: 293K
SHA-1: 02a63addbd0178a8871011d431de2a40999c7f49
MD5: eaada41746e282530bc45c9ff25ca22e
CRC-32: 04b4ff85
File type: Windows executable
First seen: 2012-07-16

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\kdbkaxt.exe
    Size: 293K
    SHA-1: 2d8de0704347ac84f6bba3006f1758743686c1c1
    MD5: f906c38cf5507e7390cc63ed461fe517
    CRC-32: ae4b6335
    File type: Windows executable
    First seen: 2013-09-18
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\kdbkaxt.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\kdbkaxt.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\kdbkaxt.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\kdbkaxt.exe,
DNS Requests

Example 2

File Information

File type: Windows executable

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\cniwldy.exe
    Size: 293K
    SHA-1: 610a1742dba6f346e2571d34d0d883dada666ab4
    MD5: e61eca175ba51cf1d7858b79dfdf7205
    CRC-32: 6dc3eb34
    File type: Windows executable
    First seen: 2013-09-18
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\cniwldy.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\cniwldy.exe
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\cniwldy.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\cniwldy.exe,
DNS Requests

Example 3

File Information

Size: 293K
SHA-1: 0cc767a42fe274cc8238fe4dc812042cd8602546
MD5: cde1ecd7d2ace45a3e986ee6724ac756
CRC-32: bc5b49b0
File type: Windows executable
First seen: 2012-07-28

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\ivypavj.exe
    Size: 293K
    SHA-1: 8b2fffc6ab3c8707cc3c3f30870f5a07195d1935
    MD5: 16a77c44e97977a9aeec7f6a9af980f3
    CRC-32: 0cfd0eb7
    File type: Windows executable
    First seen: 2013-09-18
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    run
    C:\WINDOWS\apppatch\ivypavj.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    run
    C:\WINDOWS\apppatch\ivypavj.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    userinit
    C:\WINDOWS\apppatch\ivypavj.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\ivypavj.exe,
DNS Requests
