Troj/VB-GLH

Category: Viruses and Spyware
Type: Trojan
Protection available since: 24 Feb 2013 11:59:41 (GMT)
Last Updated: 24 Feb 2013 11:59:41 (GMT)
Prevalence: Small Number of Reports


Troj/VB-GLH exhibits the following characteristics:

File Information

Size
441K
SHA-1
672292e9cc16b23aa6bfbdd180e29dfd131597d5
MD5
9d9610bab7b9f64f1369d6e266cd3f51
CRC-32
c916c984
File type
Windows executable
First seen
2013-02-24

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe
    Size
    441K
    SHA-1
    6aef8b1a856cac00356219a9e40573b4bd32434b
    MD5
    d7f498c0e71461674d94d7ef5f9e647d
    CRC-32
    b9b8c461
    File type
    Windows executable
    First seen
    2013-02-24
  • c:\Documents and Settings\test user\Application Data\Umewy\xaax.tmp
    Size
    563
    SHA-1
    880845d7c0e52d480c1279ed69bebda4f4218f6a
    MD5
    d5f949d1bdb0c0ef8c28dc3881250150
    CRC-32
    269520a0
    File type
    Unspecified binary - probably data
    First seen
    2013-02-24
  • c:\Documents and Settings\test user\Application Data\Umewy\xaax.kod
    Size
    477
    SHA-1
    59c9d0a67d2786b87a470b4dd6ae879a8c47762a
    MD5
    0a328d93264ada82e7898a9e96613266
    CRC-32
    4325df35
    File type
    application/octet-stream
    First seen
    2013-02-24
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Aztu
    Avuhivs
    (binary data, not printable as text)
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {2394133C-7F40-D03B-117B-22003CAC3608}
    "c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe"
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    f0 30 ca ca 5d 12 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\woytip\evywz.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://elevalascensores.com/iconia/projekt1/config.bin
DNS Requests
  • elevalascensores.com
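The indicators above, turned into a small offline triage script. This is an added example, not Sophos code and not part of the original analysis: it checks collected registry values, file hashes and proxy-log lines against the hashes, paths, Run-key pattern, zone setting and C2 URL listed on this page. The record formats, function names and sample data are assumptions, constructed here so the script runs without a live host; the Run-key check is generalised from the single listed entry to any GUID-named value pointing at an .exe in a random Application Data subfolder, and the 1609 check flags every zone where that URL action (Display mixed content) has been set to 0, i.e. allowed without a prompt.

```python
"""Triage helper for the Troj/VB-GLH indicators listed above.

Added example, not Sophos code. Runs offline over the constructed sample
records at the bottom; on a real host, feed it your registry, file-hash and
proxy-log collector output instead. Hashes, paths, registry values and the
C2 URL come from the analysis; record formats and function names are assumed.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators copied from the analysis.
KNOWN_SHA1 = {
    "672292e9cc16b23aa6bfbdd180e29dfd131597d5",  # original sample
    "6aef8b1a856cac00356219a9e40573b4bd32434b",  # dropped ...\Woytip\evywz.exe
}
KNOWN_MD5 = {"9d9610bab7b9f64f1369d6e266cd3f51", "d7f498c0e71461674d94d7ef5f9e647d"}
C2_HOST = "elevalascensores.com"
C2_PATH = "/iconia/projekt1/config.bin"

# Behavioural patterns generalised from the listed artefacts: a Run value whose
# name is a GUID and whose data is an .exe in a random Application Data subfolder.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)
APPDATA_EXE_RE = re.compile(
    r'^"?[A-Z]:\\Documents and Settings\\[^\\]+\\Application Data\\[^\\]+\\[^\\]+\.exe"?$', re.I)
ZONE_KEY_RE = re.compile(
    r"^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\(\d+)$", re.I)


@dataclass
class RegValue:
    key: str
    name: str
    data: str


@dataclass
class FileRecord:
    path: str
    sha1: str
    md5: str


def check_registry(values: Iterable[RegValue]) -> list[str]:
    """Flag GUID-named Run persistence and any zone where 1609 (the 'Display
    mixed content' URL action) is 0, i.e. mixed content allowed without a prompt."""
    findings = []
    for v in values:
        if (v.key.lower() == RUN_KEY.lower() and GUID_RE.match(v.name)
                and APPDATA_EXE_RE.match(v.data)):
            findings.append(f"run-key persistence: {v.name} -> {v.data}")
        zone = ZONE_KEY_RE.match(v.key)
        if zone and v.name == "1609" and int(v.data, 0) == 0:
            findings.append(f"mixed content allowed without prompt in zone {zone.group(1)}")
    return findings


def check_files(files: Iterable[FileRecord]) -> list[str]:
    """Match collected file hashes against the two known executables."""
    return [f"known hash: {f.path}" for f in files
            if f.sha1.lower() in KNOWN_SHA1 or f.md5.lower() in KNOWN_MD5]


def check_proxy_log(lines: Iterable[str]) -> list[str]:
    """Scan proxy lines in a constructed "<date> <time> <client> <method> <url> <status>"
    format for any contact with the C2 host, marking the config.bin fetch explicitly."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue
        client, url = parts[2], parts[4]
        m = re.match(r"^https?://([^/\s]+)(/[^?\s]*)?", url, re.I)
        if m and m.group(1).lower() == C2_HOST:
            kind = "config fetch" if (m.group(2) or "/").lower() == C2_PATH else "contact"
            hits.append(f"{client} {kind}: {url}")
    return hits


# Constructed sample records: the first entry of each list mirrors the analysis,
# the rest are benign decoys so the checks have something to reject.
SAMPLE_REGISTRY = [
    RegValue(RUN_KEY, "{2394133C-7F40-D03B-117B-22003CAC3608}",
             r'"c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe"'),
    RegValue(RUN_KEY, "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    RegValue(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1",
             "1609", "0x00000000"),
    RegValue(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",
             "1609", "0x00000001"),  # prompt, not flagged
]
SAMPLE_FILES = [
    FileRecord(r"c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe",
               "6aef8b1a856cac00356219a9e40573b4bd32434b", "d7f498c0e71461674d94d7ef5f9e647d"),
    FileRecord(r"C:\WINDOWS\notepad.exe", "0" * 40, "0" * 32),  # placeholder hashes
]
SAMPLE_PROXY_LOG = [
    "2013-02-24 12:01:03 10.0.0.5 GET http://elevalascensores.com/iconia/projekt1/config.bin 200",
    "2013-02-24 12:01:09 10.0.0.5 GET http://www.example.com/index.html 200",
    "2013-02-24 12:02:41 10.0.0.7 GET http://elevalascensores.com/iconia/projekt1/other 404",
]


def triage() -> dict:
    return {"registry": check_registry(SAMPLE_REGISTRY),
            "files": check_files(SAMPLE_FILES),
            "proxy": check_proxy_log(SAMPLE_PROXY_LOG)}


if __name__ == "__main__":
    for section, items in triage().items():
        print(f"[{section}]")
        for item in items:
            print("  " + item)
```

The hash check only catches these exact two binaries; the Run-key and zone checks are the part worth keeping, since a fresh build of the same family would change hashes and folder names but not the GUID-named Run value or the per-zone 1609 change.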
