Examples of Troj/VB-EWW include:
Example 1
File Information
- Size: 44K
- SHA-1: 20471a5f8e5fd6c827ffd943969ee000594e6d9b
- MD5: 63cd38c6377ae2121bb185e1b36e7acb
- CRC-32: e1ec348e
- File type: application/x-ms-dos-executable
- First seen: 2010-08-29
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~DF743A.tmp
HTTP Requests
- http://cdn.tynt.com/tc.js
- http://p.ic.tynt.com/b/p
- http://whos.amung.us/twidget/elzti8fx6bdw/left/Documento%20sin%20t%C3%ADtulo
- http://widgets.amung.us/classictab/00/1-left.png
- http://widgets.amung.us/tab.js
- http://www.ganedirecto.com/
- http://www.ganedirecto.com/up.php
DNS Requests
- cdn.tynt.com
- p.ic.tynt.com
- whos.amung.us
- widgets.amung.us
- www.ganedirecto.com
Example 2
File Information
- Size: 44K
- SHA-1: 593f1294ec1d10487f93e3d5e019c280f4dc9679
- MD5: de2ea2e5d3b86e4c2ff56dd431341fbf
- CRC-32: f58e33a0
- File type: application/x-ms-dos-executable
- First seen: 2010-08-25
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~DF6A4D.tmp
HTTP Requests
- http://cdn.tynt.com/tc.js
- http://whos.amung.us/widget/w4lcl0hkd3ia/
- http://widgets.amung.us/classic.js
- http://widgets.amung.us/classic/00/31.png
- http://www.ademails.com/cgi-bin/contador.cgi
- http://www.megaredanuncios.com/
- http://www.mensajesperu.com/lista.html
DNS Requests
- cdn.tynt.com
- whos.amung.us
- widgets.amung.us
- www.ademails.com
- www.megaredanuncios.com
- www.mensajesperu.com
Example 3
File Information
- Size: 44K
- SHA-1: 9870f397f538885916333c4b4fdcc7060c483c08
- MD5: eef48512e7f645c1de5d7264e5fda5ce
- CRC-32: 865bee07
- File type: application/x-ms-dos-executable
- First seen: 2010-09-06
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~DF6D13.tmp
HTTP Requests
- http://widgets.amung.us/tab.js
- http://www.ganedirecto.com/up.php
- http://www.megaredanuncios.com/
DNS Requests
- widgets.amung.us
- www.ganedirecto.com
- www.megaredanuncios.com