Troj/VB-EWI

Category: Viruses and Spyware
Protection available since: 05 Sep 2010 06:30:11 (GMT)
Type: Trojan
Last Updated: 05 Sep 2010 06:30:11 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/VB-EWI include:

Example 1

File Information

Size: 736K
SHA-1: 006bda4b02f70a06d1356b82d1c5a8da460abb32
MD5: 6ef597f925597a431df50ee420acdb9b
CRC-32: 66327c1f
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\moiu.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\data.dat
    Size: 32
    SHA-1: 8beda3bebb4b7db56fcefd068ff61bc1048a9770
    MD5: 6f4772a5595f825f3a0fadc8d2006db8
    CRC-32: b35d5643
    File type: application/octet-stream
    First seen: 2010-09-03
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    pg
    c:\Documents and Settings\test user\Application Data\moiu.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    4NHEGCAJN4
    September 3, 2010
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    4NHEGCAJN4
    Blackshades
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{DFBAA539-E5DB-FFBB-ABEB-DCB354A897C4}
    StubPath
    c:\Documents and Settings\test user\Application Data\moiu.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    pg
    c:\Documents and Settings\test user\Application Data\moiu.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\\test_item.exe
    c:\\test_item.exe:*:Enabled:Windows Messanger
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://bss-crypt.no-ip.info/MSWINSCK.OCX
DNS Requests
  • bss-crypt.no-ip.info
  • moi147.no-ip.biz

Example 2

File Information

Size: 919K
SHA-1: 07efd560c0251b9afb50e6679750a009381b8872
MD5: 357113632b81b78f012f03bfe3e85306
CRC-32: 42f5c906
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Example 3

File Information

Size: 921K
SHA-1: 08e45f4d00f1d5cb55e8319ebc34d6372145aee9
MD5: 404ac3827b45eb4b23d29517f374a555
CRC-32: c5e53c3b
File type: application/x-ms-dos-executable
First seen: 2010-09-01
