Troj/Sirefef-CW

Category: Viruses and Spyware
Protection available since: 09 Oct 2013 17:45:00 (GMT)
Type: Trojan
Last Updated: 09 Oct 2013 17:45:00 (GMT)
Prevalence: Small Number of Reports


Troj/Sirefef-CW exhibits the following characteristics:

File Information

Size: 236K
SHA-1: b187c1c105e7daa57cfd46dd197baadeaedeb3bf
MD5: 4968df57440a2c8fb97580ec934e4dcb
CRC-32: e4690154
File type: Windows executable
First seen: 2013-10-09

Other vendor detection

Avira: TR/Crypt.ZPACK.23196

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    DeleteFlag
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    ErrorControl
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
    NextInstance
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
