Troj/VB-GLH exhibits the following characteristics:

File Information
- Size: 441K
- SHA-1: 672292e9cc16b23aa6bfbdd180e29dfd131597d5
- MD5: 9d9610bab7b9f64f1369d6e266cd3f51
- CRC-32: c916c984
- File type: Windows executable
- First seen: 2013-02-24
Runtime Analysis

Dropped Files
- c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe
  - Size: 441K
  - SHA-1: 6aef8b1a856cac00356219a9e40573b4bd32434b
  - MD5: d7f498c0e71461674d94d7ef5f9e647d
  - CRC-32: b9b8c461
  - File type: Windows executable
  - First seen: 2013-02-24
- c:\Documents and Settings\test user\Application Data\Umewy\xaax.tmp
  - Size: 563
  - SHA-1: 880845d7c0e52d480c1279ed69bebda4f4218f6a
  - MD5: d5f949d1bdb0c0ef8c28dc3881250150
  - CRC-32: 269520a0
  - File type: Unspecified binary - probably data
  - First seen: 2013-02-24
- c:\Documents and Settings\test user\Application Data\Umewy\xaax.kod
  - Size: 477
  - SHA-1: 59c9d0a67d2786b87a470b4dd6ae879a8c47762a
  - MD5: 0a328d93264ada82e7898a9e96613266
  - CRC-32: 4325df35
  - File type: application/octet-stream
  - First seen: 2013-02-24
Modified Files
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
- %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
- HKCU\Software\Microsoft\Internet Explorer\Privacy
  - CleanCookies = 0x00000000
- HKCU\Software\Microsoft\Aztu
  - Avuhivs = (binary data; the value did not render as printable text in the report)
- HKCU\Identities
  - Identity Login = 0x00098053
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {2394133C-7F40-D03B-117B-22003CAC3608} = "c:\Documents and Settings\test user\Application Data\Woytip\evywz.exe"
Registry Keys Modified
- HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
  - Compact Check Count = 0x00000008
- HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
  - TimeStamp = f0 30 ca ca 5d 12 ce 01
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609 = 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609 = 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1609 = 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1609 = 0x00000000
Processes Created
- c:\Documents and Settings\test user\application data\woytip\evywz.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://elevalascensores.com/iconia/projekt1/config.bin
DNS Requests