Examples of Troj/VB-EWF include:
Example 1
File Information
- Size: 512K
- SHA-1: 01225cef399a5f355d8c0915be01cd522a42a5de
- MD5: b13bca0ae5e64e5093abdacdf80fe28d
- CRC-32: cf91211e
- File type: application/x-ms-dos-executable
- First seen: 2010-08-14
Runtime Analysis
Dropped Files
- C:\WINDOWS\trojans3).exe
  - Size: 488K
  - SHA-1: 01ea49afd51f5a6056b62c8773c7081d94d47606
  - MD5: 46cd8334225b5d726e9418b7520ae5b1
  - CRC-32: af3c0e6a
  - File type: application/x-ms-dos-executable
  - First seen: 2010-08-14
Processes Created
Example 2
File Information
- Size: 991K
- SHA-1: 1c60ee8ba0f40970f386ec9b8e0668ae7fbac03e
- MD5: 1ead8838b2d21e287ba3e0313cba660d
- CRC-32: b7210f86
- File type: application/x-ms-dos-executable
- First seen: 2010-08-19
Runtime Analysis
Dropped Files
- C:\WINDOWS\sa.exe
  - Size: 249K
  - SHA-1: 719dd8fb05681371a6751c2264d2fb0e5a2bba1f
  - MD5: 1b23817dbeb36a65b5f117761ee4d4b9
  - CRC-32: 40b629ef
  - File type: application/x-ms-dos-executable
  - First seen: 2010-08-21
- C:\WINDOWS\FaceBook Freezer.exe
Modified Files
- %PROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  - Changed the file contents
Processes Created
- c:\windows\facebook freezer.exe
DNS Requests
Example 3
File Information
- Size: 527K
- SHA-1: 26e4a96cd962939300edc8f901e0001982bab3f0
- MD5: e3164c7aaedf3457d9ece3a2d9e886a3
- CRC-32: cd56d075
- File type: application/x-ms-dos-executable
- First seen: 2010-08-19
Runtime Analysis
Dropped Files
- C:\WINDOWS\de.exe
  - Size: 266K
  - SHA-1: 264baeb01bc5ab980f25f90d8e8169227b360347
  - MD5: e1553ad9c41a5d3d01e81d110ea39c2a
  - CRC-32: 7b0e1e55
  - File type: application/x-ms-dos-executable
  - First seen: 2010-08-20
- C:\WINDOWS\X Bomber.exe
  - Size: 237K
  - SHA-1: b27c58acd75fad6a1fd836c6e843e71a29491edb
  - MD5: c025316bf5af320ce24c78b4837f76d0
  - CRC-32: 5b5618b3
  - File type: application/x-ms-dos-executable
  - First seen: 2010-08-20
Modified Files
- %PROFILE%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  - Changed the file contents
Processes Created