Troj/VB-GXC

Category: Viruses and Spyware
Type: Trojan
Protection available since: 18 Nov 2013 07:07:28 (GMT)
Last Updated: 18 Nov 2013 07:07:28 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/VB-GXC include:

Example 1

File Information
  Size: 196K
  SHA-1: 473deb70fe68fae1cd72141cc73b2f00b80b230f
  MD5: 28e7dc6c99169b4fe7d6d6fd3a920a46
  CRC-32: 4ac60746
  File type: Windows executable
  First seen: 2013-11-18

Example 2

File Information
  Size: 64K
  SHA-1: 6c60f8c3d6ee9b59d004aa73e0d7e9c9be2b06e7
  MD5: 1d476164b7dec67566a3a415f582fce9
  CRC-32: 76015118
  File type: Windows executable
  First seen: 2013-11-18

Example 3

File Information
  Size: 538K
  SHA-1: a530749f223f592ffe1cb737ae271c40cc7f2b95
  MD5: fa830efb15c40b6644322b7c830e4ce3
  CRC-32: e4280180
  File type: Windows executable
  First seen: 2013-11-18

Runtime Analysis

Dropped Files
  • C:\WINDOWS\zipinfo.txt
  • C:\Program Files\Accessories\Common\Online_Time.txt
  • C:\Program Files\Accessories\Common\KB_log.txt
    Size: 71
    SHA-1: b64d9a5d4c11aa33b435f12d544e46a216513f58
    MD5: 5a070f6cba6237015db4fadf6f9ed61f
    CRC-32: ee25ed5f
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-11-18
  • C:\Program Files\Accessories\Common\PC_Active_Time.txt
    Size: 283
    SHA-1: 3a8620b494c85f5a7c21fbb753a7105f1813cd74
    MD5: 43b9171fdeceb4eea5700193f00c0043
    CRC-32: 76c32e55
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-11-18
  • C:\Program Files\Sys64\rdbms.exe
    Size: 128K
    SHA-1: d58757ce6769690477a07228ba0f451e702e7e94
    MD5: 1bdc79aaf4001a400ad2759ec875e55f
    CRC-32: 583a54f5
    File type: Windows executable
    First seen: 2013-11-18
  • C:\WINDOWS\ntfsv.dll
  • C:\Program Files\Sys64\windns.exe
    Size: 244K
    SHA-1: b1f6ffb170c1f91f559b7b890327babdd472d13c
    MD5: f029c5e84d1246a9a8d93aaee23b1f11
    CRC-32: cfe787b2
    File type: Windows executable
    First seen: 2013-11-18
  • C:\Program Files\Accessories\Common\18 Nov 13 01_31_07 support .rca
    Size: 118K
    SHA-1: 6ed72d92d1e886e5fa9d399dd76a0f044546dfd0
    MD5: 576f968e9749552fd14cc41cfb50bb51
    CRC-32: c46a08c9
    File type: JPEG Interchange Format
    First seen: 2013-11-18
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF9FC5.tmp
    Size: 16K
    SHA-1: 3e50a13f31acb1661428a97aa21b34b3ea6fb9b6
    MD5: ea3ac8df2afe3bc204176496c3b6418c
    CRC-32: 082a2998
    File type: Microsoft OLE2 file format
    First seen: 2013-09-15
  • C:\Program Files\Accessories\Common\Websites_Detail.txt
    Size: 272
    SHA-1: 9797a0d00332f53f3df3b567be281f042c4f82a4
    MD5: 782bf562755ec735c6cd119294664b11
    CRC-32: fb8c3f9e
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-11-18
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFA842.tmp
    Size: 16K
    SHA-1: 5fbade6d5a966d973cab51a23f1518df209b86de
    MD5: 50920dc8d3dd5bc6a0a73cee5f5c4447
    CRC-32: 230fc134
    File type: Microsoft OLE2 file format
    First seen: 2013-09-15
  • C:\Program Files\Accessories\Common\desktop.ini
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFDE00.tmp
    Size: 16K
    SHA-1: 3e50a13f31acb1661428a97aa21b34b3ea6fb9b6
    MD5: ea3ac8df2afe3bc204176496c3b6418c
    CRC-32: 082a2998
    File type: Microsoft OLE2 file format
    First seen: 2013-09-15
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFAB30.tmp
    Size: 16K
    SHA-1: 0a00cf35210cdc48f3e3b577f80282ccbf35c71c
    MD5: f65d0ac429dffd4fd75c6b0549e83cd7
    CRC-32: 5be3e0fc
    File type: Microsoft OLE2 file format
    First seen: 2013-09-20
  • C:\WINDOWS\system32\inobject.dll
  • C:\Program Files\Sys64\RDS.exe
    Size: 196K
    SHA-1: 473deb70fe68fae1cd72141cc73b2f00b80b230f
    MD5: 28e7dc6c99169b4fe7d6d6fd3a920a46
    CRC-32: 4ac60746
    File type: Windows executable
    First seen: 2013-11-18
  • C:\Program Files\Sys64\messenger.exe
    Size: 64K
    SHA-1: 6c60f8c3d6ee9b59d004aa73e0d7e9c9be2b06e7
    MD5: 1d476164b7dec67566a3a415f582fce9
    CRC-32: 76015118
    File type: Windows executable
    First seen: 2013-11-18
  • C:\Program Files\Accessories\Common\Websites_Summary.txt
    Size: 89
    SHA-1: 9babec4e690008c921bb4c2f3c1170a013d0b807
    MD5: dcafe105f45fd09965f604c2a30f502b
    CRC-32: a5dfcd31
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-11-18
  • C:\WINDOWS\refsdm.dll
    Size: 26
    SHA-1: 1ebc6f816b0efd6e8ab814e13bd46e88697bf7a4
    MD5: 1cbe8b7295f178a93b83a2ef4cc380e5
    CRC-32: 20783a18
    File type: Unspecified binary - probably data
    First seen: 2013-11-18

Modified Files
  • %SYSTEM%\MSWINSCK.OCX

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    Value name: C:\PROGRA~1\Sys64\windns.exe
    Data: C:\PROGRA~1\Sys64\windns.exe:*:Enabled:windns.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value name: NetDDE
    Data: C:\PROGRA~1\Sys64\windns.exe
  • HKLM\SOFTWARE\MSI64
    Value name: RECO
    Data: 71

Registry Keys Modified
  • HKCR\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
    Value name: (Default)
    Data: Microsoft Winsock Control 6.0 (SP5)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Value name: Hidden
    Data: 0x00000002

Processes Created
  • c:\docume~1\support\locals~1\temp\compress0\java.exe
  • c:\program files\sys64\messenger.exe
  • c:\program files\sys64\rdbms.exe
  • c:\program files\sys64\rds.exe
  • c:\progra~1\sys64\windns.exe
  • c:\windows\system32\cacls.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\sc.exe

IP Connections
  • 198.24.157.58:14001
  • 198.24.157.58:17173
  • 198.24.157.58:17175
  • 198.24.157.58:27171
  • 198.24.157.58:27181
  • 198.24.157.58:37

DNS Requests
  • www.google.net
