Troj/Tinba-D

Category: Viruses and Spyware Protection available since:13 Dec 2013 17:56:31 (GMT)
Type: Trojan Last Updated:13 Dec 2013 23:28:07 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Tinba-D include:

Example 1

File Information

Size
69K
SHA-1
94999eb19b5e6794bfec4ff7d5f47cbf4bf62ae3
MD5
b960af2726026897cbf4b82bf3f17f3d
CRC-32
2c09a5f9
File type
Windows executable
First seen
2013-11-14

Other vendor detection

Avira
TR/Crypt.ZPACK.22645

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\ENMil\queen.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    TabProcGrowth
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ENMil
    c:\Documents and Settings\test user\Application Data\ENMil\queen.exe
Processes Created
  • c:\windows\system32\winver.exe

Example 2

File Information

Size
70K
SHA-1
089c9bfcfb866620759211741e38bc1e6ca701b4
MD5
48ee2faac63f4e4f890bf7970a556e44
CRC-32
eebbe53f
File type
Windows executable
First seen
2013-12-13

Example 3

File Information

Size
64K
SHA-1
1c70a0f3e6a6c25b4af9fcac6259bdc44105c06b
MD5
7b3f8a9ec67fe47ad78f8fe30aa82d23
CRC-32
bc8d9a05
File type
Windows executable
First seen
2013-12-13

Other vendor detection

Avira
TR/Tinba.A.164

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\WRTSigTool\wrtsigtool.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    TabProcGrowth
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    WRTSigTool
    c:\Documents and Settings\test user\Application Data\WRTSigTool\wrtsigtool.exe
Processes Created
  • c:\windows\system32\winver.exe

download Try Sophos products for free
Download now