Troj/VB-GJB

Category:	Viruses and Spyware	Protection available since:	22 Jan 2013 04:47:49 (GMT)
Type:	Trojan	Last Updated:	22 Jan 2013 04:47:49 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/VB-GJB exhibits the following characteristics:

File Information

Size: 317K
SHA-1: b9176c81394e80066995e81ee9384793d463ab06
MD5: d94900532f8d60a195c287ae13fa3349
CRC-32: f6ec21a2
File type: Windows executable
First seen: 2012-05-24

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Application Data\Udnuw\civua.qum
c:\Documents and Settings\test user\Application Data\Udnuw\civua.tmp
c:\Documents and Settings\test user\Application Data\Wyinu\hoewy.exe

Modified Files

%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
%PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx

Registry Keys Created

HKCU\Software\Microsoft\Ziynm
Nuhiu
□-□0□□□4□P□□ □□`:□□4□□□□0□□□□□□L□□□□□Y□□□□0[□□□□p□□p□□P□□□□□□[□□□□p□□P□□0e□□□□□□□0b□`□□□□□□B□□□□0o□0□□□□□ □□□□□p□□□{□P1□□□□□□□□□□□□□□□□@□□ □□□u□p□□□□□□□□P□□□□□□□□0□□□w□ □□□□□
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{92228FA9-4936-93A3-50E9-0C292876A1F1}
"c:\Documents and Settings\test user\Application Data\Wyinu\hoewy.exe"
HKCU\Identities
Identity Login
0x00098053
HKCU\Software\Microsoft\Internet Explorer\Privacy
CleanCookies
0x00000000

Registry Keys Modified

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
1609
0x00000000
HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
Compact Check Count
0x00000008
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
1609
0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
TimeStamp
8e 2a 05 54 3a f8 cd 01

Processes Created

c:\Documents and Settings\test user\application data\wyinu\hoewy.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://208.98.60.241/design.php_files/phpcodes/zips/mushrm.bin

IP Connections

208.98.60.241:80

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/VB-GJB

File Information

Runtime Analysis

Dropped Files

Modified Files

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

IP Connections

Free Mac Anti-Virus

Popular topics