Troj/StartP-DX

Category: Viruses and Spyware
Protection available since: 03 Sep 2010 00:50:42 (GMT)
Type: Trojan
Last Updated: 03 Sep 2010 00:50:42 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/StartP-DX include:

Example 1

File Information

Size: 1.1M
SHA-1: 5b385fabc577ce9589f769b38cb974eb038afcfe
MD5: b3a7515c4c5f92d792d2cbe09aac8035
CRC-32: 3b70fc98
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\pyversion.ini
  • C:\SeFastInstall3_3248.exe
    Size: 228K
    SHA-1: 01d032e89ef65b445971731fa9fa4525f0692a3d
    MD5: 1c6391373afeb3c84d5b646de8b91e33
    CRC-32: d5b60fa0
    File type: application/x-ms-dos-executable
    First seen: 2010-09-01
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\office.exe
    Size: 376K
    SHA-1: f29c6eaaf620da829875f22589bb76bf4a3b0fbf
    MD5: cc19f86208ae6903df5225812cfaf761
    CRC-32: de5f56e4
    File type: application/x-ms-dos-executable
    First seen: 2010-09-02
  • C:\game.exe
    Size: 376K
    SHA-1: f29c6eaaf620da829875f22589bb76bf4a3b0fbf
    MD5: cc19f86208ae6903df5225812cfaf761
    CRC-32: de5f56e4
    File type: application/x-ms-dos-executable
    First seen: 2010-09-02
  • C:\WINDOWS\caluecc.exe
    Size: 376K
    SHA-1: f29c6eaaf620da829875f22589bb76bf4a3b0fbf
    MD5: cc19f86208ae6903df5225812cfaf761
    CRC-32: de5f56e4
    File type: application/x-ms-dos-executable
    First seen: 2010-09-02
Processes Created
  • c:\game.exe
  • c:\sefastinstall3_3248.exe
  • c:\windows\caluecc.exe
HTTP Requests
DNS Requests

Example 2

File Information

Size: 376K
SHA-1: f29c6eaaf620da829875f22589bb76bf4a3b0fbf
MD5: cc19f86208ae6903df5225812cfaf761
CRC-32: de5f56e4
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\caluecc.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\office.exe
Processes Created
  • c:\windows\caluecc.exe

Example 3

File Information

Size: 1.1M
SHA-1: 0137a4f78854fb1cb5c78f723a46d6cc4f0c2c52
MD5: 66b31608a11f229417ff2dcaca9dadbd
CRC-32: 222d224f
File type: application/x-ms-dos-executable
First seen: 2010-10-15
