Troj/VB-GIR

Category: Viruses and Spyware
Type: Trojan
Protection available since: 05 Jan 2013 05:08:20 (GMT)
Last Updated: 05 Jan 2013 05:08:20 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/VB-GIR include:

Example 1

File Information

Size
104K
SHA-1
3ef7663bb31632444c20249b8a90ee7e18e93319
MD5
e2943216d89bbd9c6dca986e52498f14
CRC-32
2a251e9f
File type
application/x-ms-dos-executable
First seen
2012-01-27

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\radioferic0.exe
  • C:\WINDOWS\system32\Teleferic0.exe
Dropped Files
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size
    311
    SHA-1
    4ce70562c5fafd0a775baad54b767f8b9695a022
    MD5
    a7e2abeb2c6a34de53abcf5444afdd6e
    CRC-32
    066bb48b
    First seen
    2013-01-04
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF29E.tmp
    Size
    16K
    SHA-1
    0143882d375e99fe74b8f97ec529d252d3ece123
    MD5
    1f096aa153aef01806960e4cb7300465
    CRC-32
    e9f3d87b
    File type
    Microsoft OLE2 file format
    First seen
    2012-07-18
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load
    C:\WINDOWS\radioferic0.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013010420130105
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012121720121224
    CacheRepair
    0x00000000
HTTP Requests
  • http://www.claro.com/
  • http://www.claro.com/paises
  • http://www.claro.com/paises/
  • http://www.claro.com/paises/images/bg_inicio.jpg
  • http://www.claro.com/paises/images/bg_lat_der.jpg
  • http://www.claro.com/paises/images/bg_lat_izq.jpg
  • http://www.claro.com/paises/images/bg_shadow_esq_der_sup.jpg
  • http://www.claro.com/paises/images/bg_shadow_esq_izq_sup.jpg
  • http://www.claro.com/paises/images/bg_shadow_inf.jpg
  • http://www.claro.com/paises/images/bt_entrar_ro.png
  • http://www.claro.com/paises/images/bt_gris_directorio.png
  • http://www.claro.com/paises/images/bt_gris_directorio_ro.png
  • http://www.claro.com/paises/images/bt_gris_donde.png
  • http://www.claro.com/paises/images/bt_gris_donde_ro.png
  • http://www.claro.com/paises/images/bt_gris_quienes.png
  • http://www.claro.com/paises/images/bt_gris_quienes_ro.png
  • http://www.claro.com/paises/images/bt_gris_sitios.png
  • http://www.claro.com/paises/images/bt_gris_sitios_ro.png
  • http://www.claro.com/paises/images/logo_claro.jpg
  • http://www.claro.com/paises/images/rec_01.png
  • http://www.claro.com/paises/images/rec_02.png
  • http://www.claro.com/paises/images/rec_03.png
  • http://www.claro.com/paises/images/rec_04.png
  • http://www.claro.com/paises/images/rec_bg.png
  • http://www.claro.com/paises/selectorPaises.css
  • http://www.claro.com/wps/paises.jsp
  • http://www.k4n0.info/importes/server.php
DNS Requests
  • www.claro.com
  • www.k4n0.info

Example 2

File Information

Size
100K
SHA-1
e1b2d229893b49746bcb429a6965d34c0662d807
MD5
489f25a606a7821189a31fbbc9a5ec09
CRC-32
d2797832
File type
Windows executable
First seen
2007-07-18
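The File Information and Dropped Files sections of both examples give a SHA-1, MD5 and CRC-32 for each artefact. The script below is an added example (not Sophos code) that computes those three digests for a file in the same formatting the page uses and matches them against a table transcribed from this page, so a responder can check a suspect file or the copies the samples leave on disk. The paths in the `__main__` block are the "Copies Itself To" and hosts-file locations from the Runtime Analysis sections; the `b"abc"` input used for checking is a constructed test vector, not a sample from the page.

```python
"""Fingerprint a file and match it against the hashes listed for Troj/VB-GIR.
Added example, not Sophos code. IOC values are transcribed from this page."""
import hashlib
import os
import zlib

# Transcribed from the File Information and Dropped Files sections of both examples.
IOCS = [
    {"label": "Troj/VB-GIR example 1", "size": "104K",
     "sha1": "3ef7663bb31632444c20249b8a90ee7e18e93319",
     "md5": "e2943216d89bbd9c6dca986e52498f14", "crc32": "2a251e9f"},
    {"label": "Troj/VB-GIR example 2", "size": "100K",
     "sha1": "e1b2d229893b49746bcb429a6965d34c0662d807",
     "md5": "489f25a606a7821189a31fbbc9a5ec09", "crc32": "d2797832"},
    {"label": "hosts file dropped by example 1", "size": "311",
     "sha1": "4ce70562c5fafd0a775baad54b767f8b9695a022",
     "md5": "a7e2abeb2c6a34de53abcf5444afdd6e", "crc32": "066bb48b"},
    {"label": "~DF29E.tmp dropped by example 1", "size": "16K",
     "sha1": "0143882d375e99fe74b8f97ec529d252d3ece123",
     "md5": "1f096aa153aef01806960e4cb7300465", "crc32": "e9f3d87b"},
    {"label": "hosts file dropped by example 2", "size": "537",
     "sha1": "f8153b2b595fc9402db1da5df9d8d6547209e26f",
     "md5": "bef26b2767c5f7bbfbc296fee9c38849", "crc32": "59f85254"},
]


def fingerprint(data):
    """Compute the three digests the page lists, in the page's formatting:
    lowercase hex, CRC-32 as eight hex digits (masked so the value is unsigned)."""
    return {
        "size": len(data),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "crc32": "%08x" % (zlib.crc32(data) & 0xFFFFFFFF),
    }


def match(fp, iocs=IOCS):
    """Return (label, matched_fields) for every IOC entry sharing at least one digest.
    For identical bytes all three must agree, so a partial hit (SHA-1 matches, MD5
    does not) points at a transcription error in the table rather than at the file."""
    hits = []
    for ioc in iocs:
        matched = [k for k in ("sha1", "md5", "crc32") if ioc[k].lower() == fp[k]]
        if matched:
            hits.append((ioc["label"], matched))
    return hits


def scan(paths, iocs=IOCS):
    """Fingerprint each existing path and report its matches; missing paths are skipped."""
    report = {}
    for path in paths:
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as f:
            report[path] = match(fingerprint(f.read()), iocs)
    return report


if __name__ == "__main__":
    # Locations from the "Copies Itself To" and "Dropped Files" lists of both examples.
    for path, hits in scan([
        r"C:\WINDOWS\radioferic0.exe",
        r"C:\WINDOWS\system32\Teleferic0.exe",
        r"C:\WINDOWS\system\wincal.exe",
        r"C:\WINDOWS\system32\drivers\etc\hosts",
    ]).items():
        print(path, hits or "no match")
```

Run it on the affected machine (or pass any other file through `scan`) and treat a full three-digest hit as confirmation; the "Size" column on the page is rounded, so it is kept in the table only as a sanity check and is not matched.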

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system\wincal.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFCC3.tmp
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size
    537
    SHA-1
    f8153b2b595fc9402db1da5df9d8d6547209e26f
    MD5
    bef26b2767c5f7bbfbc296fee9c38849
    CRC-32
    59f85254
    File type
    Hypertext Markup Language
    First seen
    2013-01-04
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load
    C:\WINDOWS\system\wincal.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013010420130105
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012121720121224
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    UACDisableNotify
    0x00000000
HTTP Requests
  • http://clients1.google.cl/generate_204
  • http://protec21.co.kr/shop/file_pds_thumb2/packboard
  • http://ssl.gstatic.com/gb/js/scm_a5ede5fdd1410d6d8e6a412b12d9fdbf.js
  • http://www.google.cl/
  • http://www.google.cl/images/srpr/logo1w.png
  • http://www.google.cl/images/srpr/nav_logo80.png
  • http://www.google.cl/xjs/_/js/hp/sb_he,pcc/rt=j/ver=2Pr7mrMaui0.en_US./d=1/sv=1/rs=AItRSTPGRgyRrtz6Oh8ITFsxshRnZQGQbw
DNS Requests
  • clients1.google.cl
  • protec21.co.kr
  • ssl.gstatic.com
  • www.google.cl
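Both Runtime Analysis sections above describe the same host-side footprint: a rewritten `%SYSTEM%\drivers\etc\hosts`, persistence through the `load` value under `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows` (a legacy win.ini mapping that is normally empty and whose contents run at logon), a copy of the executable in a fixed path, and, in Example 2, `EnableLUA` set to 0, which turns UAC off. The script below is an added example (not Sophos code) that turns those indicators, together with the hostnames from both DNS Requests lists, into a single triage check. The hosts-file text and DNS names in `SAMPLE_HOSTS` / `SAMPLE_DNS` are constructed to show what a hit looks like; the page does not give the contents of the dropped hosts files. `collect_windows` assumes the default `%SystemRoot%` layout and is only called on Windows.

```python
"""Host-side triage for the Troj/VB-GIR indicators in the Runtime Analysis sections.
Added example, not Sophos code. Sample inputs at the bottom are constructed."""
import sys

# Paths both samples copy themselves to ("Copies Itself To"), lowercased for comparison.
DROPPED_PATHS = {
    r"c:\windows\radioferic0.exe",
    r"c:\windows\system32\teleferic0.exe",
    r"c:\windows\system\wincal.exe",
}
# HKCU subkey whose "load" value both samples set; it is normally empty.
LOAD_SUBKEY = r"Software\Microsoft\Windows NT\CurrentVersion\Windows"
# HKLM policy subkey; EnableLUA = 0 disables UAC (set by example 2).
UAC_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
# Hostnames from both "DNS Requests" lists. www.claro.com and www.google.cl are public
# sites, so a hit on them alone is weak; www.k4n0.info and protec21.co.kr are the pivots.
CONTACTED_HOSTS = {"www.claro.com", "www.k4n0.info", "clients1.google.cl",
                   "protec21.co.kr", "ssl.gstatic.com", "www.google.cl"}
# Entries a stock hosts file may carry without comment.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text; comments and blank lines ignored."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs


def suspicious_hosts_entries(text):
    """Every mapping not in DEFAULT_HOSTS. Both samples changed the hosts file
    contents, so any non-default line on an affected machine deserves a look."""
    return [p for p in parse_hosts(text) if p not in DEFAULT_HOSTS]


def assess(hosts_text, load_value, enable_lua, existing_paths, dns_names=()):
    """Return (kind, detail) findings from already-collected host state."""
    findings = []
    for ip, name in suspicious_hosts_entries(hosts_text):
        findings.append(("hosts", "%s -> %s" % (name, ip)))
    if load_value:  # anything here runs at logon; the samples put their copy here
        kind = "load-known" if load_value.lower() in DROPPED_PATHS else "load"
        findings.append((kind, load_value))
    if enable_lua == 0:
        findings.append(("uac", "EnableLUA=0 (UAC disabled)"))
    for path in existing_paths:
        if path.lower() in DROPPED_PATHS:
            findings.append(("file", path))
    for name in dns_names:
        if name.lower() in CONTACTED_HOSTS:
            findings.append(("dns", name))
    return findings


def collect_windows():
    """Read live state (Windows only: winreg is not available elsewhere)."""
    import os
    import winreg

    def reg_value(hive, subkey, name):
        try:
            with winreg.OpenKey(hive, subkey) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value absent
            return None

    root = os.environ.get("SystemRoot", r"C:\Windows")
    hosts_path = os.path.join(root, "system32", "drivers", "etc", "hosts")
    with open(hosts_path, encoding="utf-8", errors="replace") as f:
        hosts_text = f.read()
    load_value = reg_value(winreg.HKEY_CURRENT_USER, LOAD_SUBKEY, "load")
    enable_lua = reg_value(winreg.HKEY_LOCAL_MACHINE, UAC_SUBKEY, "EnableLUA")
    present = [p for p in DROPPED_PATHS if os.path.exists(p)]
    return hosts_text, load_value, enable_lua, present


# Constructed sample state (not taken from the page) so the script runs anywhere.
SAMPLE_HOSTS = "127.0.0.1 localhost\n# comment\n192.0.2.10 www.example.com example.com\n"
SAMPLE_DNS = ["www.k4n0.info", "www.example.com"]

if __name__ == "__main__":
    if sys.platform == "win32":
        results = assess(*collect_windows())
    else:
        results = assess(SAMPLE_HOSTS, r"C:\WINDOWS\system\wincal.exe", 0,
                         [r"C:\WINDOWS\system\wincal.exe"], SAMPLE_DNS)
    for kind, detail in results:
        print("%-10s %s" % (kind, detail))
```

On Windows the script reads the real hosts file and registry values; elsewhere it runs against the constructed sample so the logic can be exercised. DNS names are not collected automatically because where they come from (resolver cache, proxy or DNS server logs) varies per environment; feed them in as the `dns_names` argument.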