Examples of Troj/Spyeye-G include:
Example 1
File Information
- Size: 261K
- SHA-1: 51de5c15dbafb16141365034ae057e6c4407fe35
- MD5: d35e1ea984c0302d8aa39f7acec04d33
- CRC-32: e5cea8f3
- File type: application/x-ms-dos-executable
- First seen: 2010-09-05
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - ProxyHttp1.1: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1409: 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnOnPost: 00 00 00 00
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  - 1406: 0x00000000
Processes Created
- c:\mssetupers.exe\mssetupers.exe
HTTP Requests
- http://clickxfinder.com/warrior/gate.php
IP Connections
DNS Requests
Example 2
File Information
- Size: 263K
- SHA-1: c8b7391277cb4c2088c7dd4cc85d01074342ce95
- MD5: 0819a300098eea834ee5e1248c8ddee1
- CRC-32: 4bc3dc1d
- File type: application/x-ms-dos-executable
- First seen: 2010-09-05
Example 3
File Information
- Size: 148K
- SHA-1: d86d0f3024737a093a9abdb00d087f2422b43e00
- MD5: 18cf94f310b21c4fde0acd6295d53698
- CRC-32: 9591f9f7
- File type: application/x-ms-dos-executable
- First seen: 2010-09-05
Other vendor detection
- Kaspersky: Trojan-Spy.Win32.SpyEyes.abx
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - ProxyHttp1.1: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1409: 0x00000003
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1409: 0x00000003
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - WarnOnPost: 00 00 00 00
Processes Created
- c:\mssetupers.exe\mssetupers.exe
HTTP Requests
- http://clickxfinder.com/warrior/gate.php
IP Connections
DNS Requests