Troj/VB-GNR

Category: Viruses and Spyware
Protection available since: 30 Apr 2013 06:23:02 (GMT)
Type: Trojan
Last Updated: 30 Apr 2013 06:23:02 (GMT)
Prevalence: Small Number of Reports


Troj/VB-GNR exhibits the following characteristics:

File Information

Size: 1.6M
SHA-1: ad67f531f5554cf42cccbbc4df1fa780e869bbe5
MD5: 5547af503135d87f4cd2d50541abea1c
CRC-32: b8b621b4
File type: Windows executable
First seen: 2012-08-03

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Policy\svchos.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\BGR6cKP1.cfg
    Size: 2.0K
    SHA-1: f4f1e5ab3c8f6a04466df1cfe001dffe377b93b1
    MD5: c0d83c0facaaeceffadec188b14a05d2
    CRC-32: 6162ccfc
    File type: Unspecified binary - probably data
    First seen: 2012-08-03
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\BGR6cKP1.dat
    Size: 2
    SHA-1: 4700b42849fb35be323774820bf1bc8019d26c80
    MD5: 84cad01fdb44ae58dbe6c3973dcd87f5
    CRC-32: 4f349987
    File type: Windows Codepage 1252
    First seen: 2011-09-26
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    rundl32
    C:\WINDOWS\system32\Policy\svchos.exe
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{50A3D8AG-8188-RF5R-E1V6-T70Y208QJ83H}
    StubPath
    C:\WINDOWS\system32\Policy\svchos.exe restart
  • HKCU\Software\BGR6cKP1
    InstalledServer
    C:\WINDOWS\system32\Policy\svchos.exe
  • HKCU\Software\FakeMessage
    FakeMessage
    OK
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Winlogon
    C:\WINDOWS\system32\Policy\svchos.exe
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • boubacs2.no-ip.biz
