Examples of Troj/VB-EWT include:

Example 1

File Information
- Size: 92K
- SHA-1: 27d7a64647e97850f1e69fadfa1fa60b5f569ad3
- MD5: 23de0602653aa805bad773f89a026c24
- CRC-32: 87d3574d
- File type: application/x-ms-dos-executable
- First seen: 2010-08-31

Runtime Analysis

Dropped Files
- c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
  - Size: 152K
  - SHA-1: fdcc58c6c9e9097cbacd035012dbdaa7cdf2ed45
  - MD5: bb1fb3d263d0d2767e693ec7a0e04370
  - CRC-32: 98d2561d
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-06
- c:\Documents and Settings\test user\Local Settings\Temp\mzn.exe
  - Size: 152K
  - SHA-1: fdcc58c6c9e9097cbacd035012dbdaa7cdf2ed45
  - MD5: bb1fb3d263d0d2767e693ec7a0e04370
  - CRC-32: 98d2561d
  - File type: application/x-ms-dos-executable
  - First seen: 2010-09-06

Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - Value: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe:*:Enabled:Java Update Manager
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090620100907
  - Value: CachePath
  - Data: %USERPROFILE%\Local Settings\History\History.IE5\MSHist012010090620100907\
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: Java Update Manager
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe

Processes Created
- c:\documents and settings\support\application data\hex-5823-6893-6818\jutched.exe
- c:\docume~1\support\locals~1\temp\mzn.exe

HTTP Requests
- http://93.174.94.92/~denirulz/oc/fud.exe
- http://www.myspace.com/browse/browse.aspx
DNS Requests
- msnsolution.nicaze.net
- www.myspace.com

Example 2

File Information
- Size: 148K
- SHA-1: 3172f12015f9160a05107398f098cdc12c04210d
- MD5: a3a3ebc328635253386bfb4e2b4f55ff
- CRC-32: 6d6377dd
- File type: application/x-ms-dos-executable
- First seen: 2010-08-28

Other vendor detection
- Avira: TR/Dldr.Genome.azcr.1
- Kaspersky: Trojan-Downloader.Win32.Genome.azcr

Runtime Analysis

Copies Itself To
- c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe

Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: Java Update Manager
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
- HKCU\Software\Octopus
  - Value: LastDeliver
  - Data: 08/09/2010
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - Value: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe:*:Enabled:Java Update Manager

Processes Created
- c:\documents and settings\support\application data\hex-5823-6893-6818\jutched.exe
Example 3

File Information
- Size: 148K
- SHA-1: d69db52b28992581b1c45b7ca96fc1c2b987c42f
- MD5: 054947df354b2adb15a9c945ffdef349
- CRC-32: d6754497
- File type: application/x-ms-dos-executable
- First seen: 2010-09-06

Other vendor detection
- Avira: TR/Dldr.Genome.azcr.2
- Kaspersky: Trojan-Downloader.Win32.Genome.azcr

Runtime Analysis

Copies Itself To
- c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe

Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - Value: Java Update Manager
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - Value: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe
  - Data: c:\Documents and Settings\test user\Application Data\HEX-5823-6893-6818\jutched.exe:*:Enabled:Java Update Manager