Troj/VB-GIR

Category:	Viruses and Spyware	Protection available since:	05 Jan 2013 05:08:20 (GMT)
Type:	Trojan	Last Updated:	05 Jan 2013 05:08:20 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/VB-GIR include:

Example 1

File Information

Size: 104K
SHA-1: 3ef7663bb31632444c20249b8a90ee7e18e93319
MD5: e2943216d89bbd9c6dca986e52498f14
CRC-32: 2a251e9f
File type: application/x-ms-dos-executable
First seen: 2012-01-27

Runtime Analysis

Copies Itself To

C:\WINDOWS\radioferic0.exe
C:\WINDOWS\system32\Teleferic0.exe

Dropped Files

C:\WINDOWS\system32\drivers\etc\hosts
Size
311
SHA-1
4ce70562c5fafd0a775baad54b767f8b9695a022
MD5
a7e2abeb2c6a34de53abcf5444afdd6e
CRC-32
066bb48b
First seen
2013-01-04
c:\Documents and Settings\test user\Local Settings\Temp\~DF29E.tmp
Size
16K
SHA-1
0143882d375e99fe74b8f97ec529d252d3ece123
MD5
1f096aa153aef01806960e4cb7300465
CRC-32
e9f3d87b
File type
Microsoft OLE2 file format
First seen
2012-07-18

Modified Files

%SYSTEM%\drivers\etc\hosts
- Changed the file contents

Registry Keys Created

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
C:\WINDOWS\radioferic0.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013010420130105
CacheRepair
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012121720121224
CacheRepair
0x00000000

HTTP Requests

http://www.claro.com/
http://www.claro.com/paises
http://www.claro.com/paises/
http://www.claro.com/paises/images/bg_inicio.jpg
http://www.claro.com/paises/images/bg_lat_der.jpg
http://www.claro.com/paises/images/bg_lat_izq.jpg
http://www.claro.com/paises/images/bg_shadow_esq_der_sup.jpg
http://www.claro.com/paises/images/bg_shadow_esq_izq_sup.jpg
http://www.claro.com/paises/images/bg_shadow_inf.jpg
http://www.claro.com/paises/images/bt_entrar_ro.png
http://www.claro.com/paises/images/bt_gris_directorio.png
http://www.claro.com/paises/images/bt_gris_directorio_ro.png
http://www.claro.com/paises/images/bt_gris_donde.png
http://www.claro.com/paises/images/bt_gris_donde_ro.png
http://www.claro.com/paises/images/bt_gris_quienes.png
http://www.claro.com/paises/images/bt_gris_quienes_ro.png
http://www.claro.com/paises/images/bt_gris_sitios.png
http://www.claro.com/paises/images/bt_gris_sitios_ro.png
http://www.claro.com/paises/images/logo_claro.jpg
http://www.claro.com/paises/images/rec_01.png
http://www.claro.com/paises/images/rec_02.png
http://www.claro.com/paises/images/rec_03.png
http://www.claro.com/paises/images/rec_04.png
http://www.claro.com/paises/images/rec_bg.png
http://www.claro.com/paises/selectorPaises.css
http://www.claro.com/wps/paises.jsp
http://www.k4n0.info/importes/server.php

DNS Requests

www.claro.com
www.k4n0.info

Example 2

File Information

Size: 100K
SHA-1: e1b2d229893b49746bcb429a6965d34c0662d807
MD5: 489f25a606a7821189a31fbbc9a5ec09
CRC-32: d2797832
File type: Windows executable
First seen: 2007-07-18

Runtime Analysis

Copies Itself To

C:\WINDOWS\system\wincal.exe

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\~DFCC3.tmp
C:\WINDOWS\system32\drivers\etc\hosts
Size
537
SHA-1
f8153b2b595fc9402db1da5df9d8d6547209e26f
MD5
bef26b2767c5f7bbfbc296fee9c38849
CRC-32
59f85254
File type
Hypertext Markup Language
First seen
2013-01-04

Modified Files

%SYSTEM%\drivers\etc\hosts
- Changed the file contents

Registry Keys Created

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
C:\WINDOWS\system\wincal.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013010420130105
CacheRepair
0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012121720121224
CacheRepair
0x00000000
HKLM\SOFTWARE\Microsoft\Security Center
UACDisableNotify
0x00000000

HTTP Requests

http://clients1.google.cl/generate_204
http://protec21.co.kr/shop/file_pds_thumb2/packboard
http://ssl.gstatic.com/gb/js/scm_a5ede5fdd1410d6d8e6a412b12d9fdbf.js
http://www.google.cl/
http://www.google.cl/images/srpr/logo1w.png
http://www.google.cl/images/srpr/nav_logo80.png
http://www.google.cl/xjs/_/js/hp/sb_he,pcc/rt=j/ver=2Pr7mrMaui0.en_US./d=1/sv=1/rs=AItRSTPGRgyRrtz6Oh8ITFsxshRnZQGQbw

DNS Requests

clients1.google.cl
protec21.co.kr
ssl.gstatic.com
www.google.cl

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/VB-GIR

Example 1

File Information

Runtime Analysis

Copies Itself To

Dropped Files

Modified Files

Registry Keys Created

HTTP Requests

DNS Requests

Example 2

File Information

Runtime Analysis

Copies Itself To

Dropped Files

Modified Files

Registry Keys Created

HTTP Requests

DNS Requests

Free Mac Anti-Virus

Popular topics