Troj/VBInj-CH

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 20 Jul 2012 07:42:48 (GMT)
Last Updated: 20 Jul 2012 07:42:48 (GMT)

Examples of Troj/VBInj-CH include:

Example 1

File Information

Size
312K
SHA-1
7325d3927d85c9d57bb861be637a46be0ab4cd06
MD5
bc26c70c631448731d9cc0fc5a09c1f0
CRC-32
91462457
File type
Windows executable
First seen
2012-07-14

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    1PService
    c:\test_item.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    1PService
    c:\test_item.exe
DNS Requests
  • paljacinke.aquarium-stakany.org

Example 2

File Information

Size
88K
SHA-1
e5f3cc9b22b142c672037e7d7d07a7f538fccd50
MD5
54cc588a6a4fb5a7d23be4c950a7675d
CRC-32
a8d2374d
File type
Windows executable
First seen
2012-07-14

Runtime Analysis

Dropped Files
  • C:\Program Files\Adult Website Filter\Adult Website Filter.ico
    Size
    9.5K
    SHA-1
    9db4c9eaa5d7c07e78caf2539dc3f985921fe069
    MD5
    e98d84149494bc0f6beffdcf68773374
    CRC-32
    22a12ac2
    File type
    Unspecified binary - probably data
    First seen
    2012-06-21
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db
    Size
    7.0K
    SHA-1
    f930b9ec39a8a32057a2b21de1fc1c65f2a055ae
    MD5
    b12227fbfbecffd979684e328711d1d1
    CRC-32
    b6ffa357
    File type
    SQLite Database File
    First seen
    2012-06-23
  • c:\Documents and Settings\test user\Local Settings\Temp\Adult Website FilterInstaller_1342758959.log
    Size
    8.5K
    SHA-1
    a0759b0b4f0bf243a38a05391dc834d126d02c86
    MD5
    1d2bcd3e97bef6813a87f58f89ac518a
    CRC-32
    3d5e37a5
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-07-20
  • C:\Program Files\Adult Website Filter\Adult Website Filter.exe
    Size
    428K
    SHA-1
    9a0e37135ceab77ba5a2f6db40e895da1675d1c6
    MD5
    ba7cdd906a776edb52e8131c6af7acca
    CRC-32
    2648c54a
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\Program Files\Adult Website Filter\Adult Website FilterGui.exe
    Size
    2.0M
    SHA-1
    612df16aeac00d9043e769cabf13fb88cc010f94
    MD5
    21a50ed8d0d1284a8c581ff07e4a3599
    CRC-32
    8467658b
    File type
    Windows executable
    First seen
    2012-07-12
  • c:\Documents and Settings\test user\Local Settings\Application Data\Adult Website Filter\Chrome\Adult Website Filter.crx
    Size
    109K
    SHA-1
    aa1f8b2ddbfa8271ab000ba174ab157c44ef8909
    MD5
    1d8854efc8647aac9c656da81ec47abe
    CRC-32
    c55e208c
    File type
    Unspecified binary - probably data
    First seen
    2012-07-15
  • c:\Documents and Settings\test user\Local Settings\Temp\TD2.tmp.exe
    Size
    1.9M
    SHA-1
    5d54c318eaff844cda836d6d7e9b743da60ffd30
    MD5
    690c9ed1f08d8fba0625ee4db1156fb6
    CRC-32
    418acd8d
    File type
    Windows executable
    First seen
    2012-07-11
  • C:\Program Files\Adult Website Filter\Adult Website Filter.dll
    Size
    474K
    SHA-1
    baaae457939d6b4ccadbc09948066ddf274d287c
    MD5
    640d5eb884b6236401ce23c6911a1b49
    CRC-32
    7a6e7af3
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\Program Files\Adult Website Filter\Adult Website FilterInstaller.log
    Size
    8.5K
    SHA-1
    a0759b0b4f0bf243a38a05391dc834d126d02c86
    MD5
    1d2bcd3e97bef6813a87f58f89ac518a
    CRC-32
    3d5e37a5
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-07-20
  • c:\Documents and Settings\test user\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ghlopnjfknhaiijkhcoaimonblmiobld_0\3
    Size
    7.0K
    SHA-1
    ff26e17b10d72a52bcc2ad0b4aa7232f9092b8a0
    MD5
    e9cb693ef70460173a973467db60eccb
    CRC-32
    c8526157
    File type
    SQLite Database File
    First seen
    2012-07-20
  • C:\Program Files\Adult Website Filter\Adult Website Filter.ini
    Size
    170
    SHA-1
    49c751f19984dc553da2015eaa81f20643ff2ee7
    MD5
    02e7cc84f2f4623a90941e3d19d058d3
    CRC-32
    ab81983f
    File type
    Configuration Data File (generic)
    First seen
    2012-06-21
  • C:\Program Files\Adult Website Filter\Uninstall.exe
    Size
    473K
    SHA-1
    ba8fa6e83b4a71202e07c2a05bb5a1ffe4b6d23c
    MD5
    78c4831574357c232009026c6e831cb5
    CRC-32
    10b45f64
    File type
    Windows executable
    First seen
    2012-07-15
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adult Website Filter
    UninstallString
    C:\Program Files\Adult Website Filter\Uninstall.exe
  • HKCU\Software\Adult Website Filter\Log
    WriteHelperLogFile
    0x00000000
  • HKCR\CrossriderApp0004982.FBApi.1\CLSID
    (Default)
    {33333333-3333-3333-3333-330033493382}
  • HKCR\Interface\{66666666-6666-6666-6666-660066496682}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{55555555-5555-5555-5555-550055495582}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044494482}\1.0\FLAGS
    (Default)
  • HKCR\CrossriderApp0004982.BHO.1\CLSID
    (Default)
    {11111111-1111-1111-1111-110011491182}
  • HKCU\Software\Crossrider\Testing
    IsTesting
    0x00000000
  • HKCR\CLSID\{22222222-2222-2222-2222-220022492282}
    (Default)
    CrossriderApp0004982.Sandbox
  • HKCU\Software\Cr_Installer\4982
    InstallerIdentifiers
    {"installer_bic" : "99E9A8AC0D8447D1A16794C9AC5D8800IE", "installer_verifier" : "b8169d230543de098a158c43ad257f6e"}
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011491182}
    Policy
    0x00000003
  • HKCR\CrossriderApp0004982.BHO
    (Default)
    CrossriderApp0004982
  • HKCR\CrossriderApp0004982.FBApi\CLSID
    (Default)
    {33333333-3333-3333-3333-330033493382}
  • HKCR\Interface\{66666666-6666-6666-6666-660066496682}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CrossriderApp0004982.FBApi
    (Default)
    CrossriderApp0004982.FBApi
  • HKCR\CrossriderApp0004982.Sandbox.1
    (Default)
    CrossriderApp0004982.Sandbox
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011491182}
    NoExplorer
    0x00000001
  • HKCR\Interface\{55555555-5555-5555-5555-550055495582}
    (Default)
    ICrossriderBHO
  • HKCR\Interface\{77777777-7777-7777-7777-770077497782}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011491182}
    (Default)
  • HKCR\CLSID\{11111111-1111-1111-1111-110011491182}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\CLSID\{22222222-2222-2222-2222-220022492282}\VersionIndependentProgID
    (Default)
    CrossriderApp0004982.Sandbox
  • HKCR\CrossriderApp0004982.Sandbox\CurVer
    (Default)
    CrossriderApp0004982.Sandbox
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044494482}\1.0\HELPDIR
    (Default)
    C:\Program Files\Adult Website Filter
  • HKCR\CrossriderApp0004982.FBApi.1
    (Default)
    CrossriderApp0004982.FBApi
  • HKCR\CLSID\{22222222-2222-2222-2222-220022492282}\ProgID
    (Default)
    CrossriderApp0004982.Sandbox.1
  • HKCR\Interface\{55555555-5555-5555-5555-550055495582}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CrossriderApp0004982.Sandbox\CLSID
    (Default)
    {22222222-2222-2222-2222-220022492282}
  • HKCR\CrossriderApp0004982.BHO.1
    (Default)
    CrossriderApp0004982
  • HKCR\CLSID\{22222222-2222-2222-2222-220022492282}\InprocServer32
    ThreadingModel
    Apartment
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011491182}
    (Default)
  • HKLM\SOFTWARE\Google\Chrome\Extensions\ghlopnjfknhaiijkhcoaimonblmiobld
    version
    1.18.118
  • HKCU\Software\Adult Website Filter\Installer
    BundledChrome
    0x00000001
  • HKCR\CLSID\{22222222-2222-2222-2222-220022492282}\TypeLib
    (Default)
    {44444444-4444-4444-4444-440044494482}
  • HKCR\CLSID\{33333333-3333-3333-3333-330033493382}
    (Default)
    CrossriderApp0004982.FBApi
  • HKCU\Software\Crossrider
    Verifier
    b8169d230543de098a158c43ad257f6e
  • HKCU\Software\Adult Website Filter\Manifest
    Version
  • HKCR\CrossriderApp0004982.Sandbox
    (Default)
    CrossriderApp0004982.Sandbox
  • HKCR\CLSID\{33333333-3333-3333-3333-330033493382}\VersionIndependentProgID
    (Default)
    CrossriderApp0004982.FBApi
  • HKCR\Interface\{77777777-7777-7777-7777-770077497782}
    (Default)
    IFBApi
  • HKCR\Interface\{66666666-6666-6666-6666-660066496682}
    (Default)
    ISandBox
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044494482}\1.0\0\win32
    (Default)
    C:\Program Files\Adult Website Filter\Adult Website Filter.dll
  • HKCR\Interface\{55555555-5555-5555-5555-550055495582}\TypeLib
    Version
    1.0
  • HKCR\CrossriderApp0004982.Sandbox.1\CLSID
    (Default)
    {22222222-2222-2222-2222-220022492282}
  • HKCR\CLSID\{11111111-1111-1111-1111-110011491182}\TypeLib
    (Default)
    {44444444-4444-4444-4444-440044494482}
  • HKCU\Software\Adult Website Filter
    ActiveAppId
    4982
  • HKCR\CrossriderApp0004982.BHO\CLSID
    (Default)
    {11111111-1111-1111-1111-110011491182}
  • HKCR\CLSID\{33333333-3333-3333-3333-330033493382}\TypeLib
    (Default)
    {44444444-4444-4444-4444-440044494482}
  • HKCR\TypeLib\{44444444-4444-4444-4444-440044494482}\1.0
    (Default)
    CrossriderApp0004982 Type Library
  • HKCU\Software\InstalledBrowserExtensions\Albert Sumac
    4982
    Adult Website Filter
  • HKCR\Interface\{66666666-6666-6666-6666-660066496682}\TypeLib
    Version
    1.0
  • HKCR\Interface\{77777777-7777-7777-7777-770077497782}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\CLSID\{11111111-1111-1111-1111-110011491182}\ProgID
    (Default)
    CrossriderApp0004982.BHO.1
  • HKCR\CrossriderApp0004982.BHO\CurVer
    (Default)
    CrossriderApp0004982
  • HKCR\CLSID\{33333333-3333-3333-3333-330033493382}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\CLSID\{11111111-1111-1111-1111-110011491182}
    (Default)
    Adult Website Filter
  • HKCR\Interface\{77777777-7777-7777-7777-770077497782}\TypeLib
    Version
    1.0
  • HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghlopnjfknhaiijkhcoaimonblmiobld
    version
    1.18.118
  • HKCR\CLSID\{11111111-1111-1111-1111-110011491182}\VersionIndependentProgID
    (Default)
    CrossriderApp0004982
  • HKCR\CLSID\{33333333-3333-3333-3333-330033493382}\ProgID
    (Default)
    CrossriderApp0004982.FBApi.1
  • HKCR\CrossriderApp0004982.FBApi\CurVer
    (Default)
    CrossriderApp0004982.FBApi.1
Processes Created
  • c:\docume~1\support\locals~1\temp\nsy5.tmp\closebrowsers.exe
  • c:\docume~1\support\locals~1\temp\nsy5.tmp\scs.exe
  • c:\docume~1\support\locals~1\temp\td2.tmp.exe
  • c:\program files\adult website filter\adult website filter.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://79.170.44.95/94738274723484328.in/bitka/ptica.gif
  • http://crossrider.com/plugin/apps/4982/manifest/1_18_149_149/ie6/manifest.xml
  • http://stats.crossrider.com/ie-error.gif
  • http://stats.crossrider.com/installer.gif
IP Connections
  • 79.170.44.95:80
DNS Requests
  • crossrider.com
  • crossrider.cotssl.net
  • stats.crossrider.com