Troj/VB-GIL

Category: Viruses and Spyware
Protection available since: 23 Dec 2012 23:09:36 (GMT)
Type: Trojan
Last Updated: 28 Jun 2013 06:09:54 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/VB-GIL include:

Example 1

File Information

Size
684K
SHA-1
0ebaf3fdbab8da32e3f4371af281a1ff3f8a2bb0
MD5
26c15165d2704a518cf82dd89c25e63f
CRC-32
2800b7ee
File type
Windows executable
First seen
2013-04-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Common Files\openv.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF1B73.tmp
    Size
    64K
    SHA-1
    1215ad8894a9a2111931c4299df9eb325f57d713
    MD5
    f9404627facf97af0e461e9ca63c12a3
    CRC-32
    69cb7cc6
    File type
    Microsoft OLE2 file format
    First seen
    2013-03-04
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\Timess
    Timess
    Y
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\Settimess
    Settimess
    `
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\textlogsss
    textlogsss
    shanghai
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\babag
    babag
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    openv
    C:\Documents and Settings\All Users\Common Files\openv.exe
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\note
    note
    NEW WEEK
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\logss
    logss
  • HKCU\Software\VB and VBA Program Settings\C:\Documents and Settings\All Users\Common Files\htt
    htt
    http://sonunigam.us/opt/mainpage.php
Processes Created
  • c:\documents and settings\all users\common files\openv.exe
HTTP Requests
  • http://assassin-rat.biz/ht2.txt
  • http://www.samair.ru/proxy/proxychecker/country.htm
DNS Requests
  • assassin-rat.biz
  • sonunigam.us
  • www.samair.ru

Example 2

File Information

Size
992K
SHA-1
1aa65e8fd216f0b6af6fc5377d2dbbb2578a1690
MD5
7af89e55cf02a08d47fa8cfb2c892a44
CRC-32
c48ed9a3
File type
Windows executable
First seen
2013-01-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\slip.jpg
    Size
    14K
    SHA-1
    a9af0883c5c05c6b66788d97aaca30b0ea4a014c
    MD5
    f2208d56cb18c0952219c65d05b9c947
    CRC-32
    80d5e1f4
    File type
    JPEG Interchange Format
    First seen
    2012-12-23
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    donx
    C:\Documents and Settings\All Users\Common Files\donx.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\taskkill.exe

Example 3

File Information

Size
497K
SHA-1
1c9d0b5970b6bdf8ffa7b339a330937e744fc6fa
MD5
eeeb24eb7e7f6c5ea2e3a122995b17d5
CRC-32
3fdc988c
File type
Windows executable
First seen
2013-06-12

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    openv
    C:\Documents and Settings\All Users\Common Files\openv.exe
