Examples of Troj/VB-GGA include:

Example 1

File Information
- Size: 309K
- SHA-1: 4e3d813d1e6b2a2ea8c0a596662baed0ba50ab8e
- MD5: 5145ce41b46e034e686d6419782d15a0
- CRC-32: 95ee18b9
- File type: Windows executable
- First seen: 2012-12-08

Other vendor detection
- Avira: TR/Dropper.Gen

Example 2

File Information
- Size: 309K
- SHA-1: 6f0f339743f6ebd835607b6cd15e9b11df08452b
- MD5: e5801ec98c098c1b081f977f7c60ec22
- CRC-32: 8661b9fe
- File type: Windows executable
- First seen: 2012-12-08

Other vendor detection
- Avira: TR/Dropper.Gen

Runtime Analysis

Dropped Files
- c:\Documents and Settings\test user\Application Data\Roguaf\yrtiu.kog
  - Size: 477
  - SHA-1: c03e92ea97171773099a3f00e50f5500740cda79
  - MD5: d47321889cff344e28ce0d91a355123a
  - CRC-32: dadde4c4
  - File type: OpenPGP/GPG encrypted file
  - First seen: 2012-12-08
- c:\Documents and Settings\test user\Application Data\Howaq\nedi.exe
  - Size: 309K
  - SHA-1: 4e3d813d1e6b2a2ea8c0a596662baed0ba50ab8e
  - MD5: 5145ce41b46e034e686d6419782d15a0
  - CRC-32: 95ee18b9
  - File type: Windows executable
  - First seen: 2012-12-08
- C:\debug.txt
Modified Files
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
- HKCU\Software\Microsoft\Cyhyve
  - Toox: (binary data, not rendered)
- HKCU\Identities
  - Identity Login: 0x00098053
- HKCU\Software\Microsoft\Internet Explorer\Privacy
  - CleanCookies: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {B8212D5A-1FAB-E895-82CF-4166EF570FE5}: "c:\Documents and Settings\test user\Application Data\Howaq\nedi.exe"
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609: 0x00000000
- HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
  - Compact Check Count: 0x00000007
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
  - TimeStamp: 40 b4 95 2d 53 d5 cd 01
Processes Created
- c:\Documents and Settings\test user\application data\howaq\nedi.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://satoribeauty.co.uk/img/sato.bin
- http://www.google.bg/webhp
- http://www.google.com/webhp
DNS Requests
- satoribeauty.co.uk
- www.google.bg
- www.google.com