Troj/SpyEye-GU

Category: Viruses and Spyware
Protection available since: 12 Jan 2013 00:51:46 (GMT)
Type: Trojan
Last Updated: 12 Jan 2013 00:51:46 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/SpyEye-GU include:

Example 1

File Information

Size: 156K
SHA-1: 02e3ea1d10285a19ea25f292b4627ad4b9711c39
MD5: edfd27ac363bdd28b73669cb2a97a1a7
CRC-32: f8e049d3
File type: Windows executable
First seen: 2012-11-21

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Recovery
    ClearBrowsingHistoryOnExit
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1409
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\PhishingFilter
    ShownServiceDownBalloon
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1409
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1409
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnPost
    00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
    1406
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
    1406
    0x00000000
Processes Created
  • c:\recycle.bin\b6232f3a448.exe
DNS Requests
  • sholkata1.com

Example 2

File Information

Size: 302K
SHA-1: 1ae8b712daf30ad01c162e68c48111d457ae2b18
MD5: 0b6b921e1f860197df1e0324034cb252
CRC-32: acd169be
File type: Windows executable
First seen: 2012-10-23

Example 3

File Information

Size: 343K
SHA-1: fba1e3fa4add776d77fe44de0d9ea79c52b24356
MD5: 4ee570a9b27eb13925bddc8855d81568
CRC-32: 58328cb4
File type: Windows executable
First seen: 2012-12-02
