Troj/Wimmie-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 27 Mar 2013 22:33:25 (GMT)
Last Updated: 27 Mar 2013 22:33:25 (GMT)


Examples of Troj/Wimmie-A include:

Example 1

File Information

Size: 60K
SHA-1: 2185c201a7da86e9056028fdf59d06ee05d1a3ac
MD5: cce9c2f4f9334fbf7e3d27a656423551
CRC-32: 3df41ce7
File type: Windows executable
First seen: 2013-03-27

Example 2

File Information

Size: 84K
SHA-1: 78ccb83f2b8084519034f317e49f601914b15c11
MD5: e44ed8eadbb5a238874ee050b9e22604
CRC-32: 76e372e4
File type: Windows executable
First seen: 2013-03-27

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\setup.rpt
    Size: 283
    SHA-1: 5e6d1aadf20e36080c799492eb399e84a36dc21c
    MD5: 628c9c7785df6b76a68c1505474fe970
    CRC-32: 4c876650
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-03-27
  • C:\WINDOWS\NtUninstallKB\NtUninstallKB.cab
    Size: 252K
    SHA-1: 34486e1cedcd47ebdbb0ced285c930b0100effcb
    MD5: 5f96268d0fed7d81aca862bfd7150d4d
    CRC-32: af4ef23d
    File type: Microsoft CAB archive
    First seen: 2013-03-27
  • C:\WINDOWS\system32\setup.inf
    Size: 1.1K
    SHA-1: 33674c118a3d3af8233d1f518d04a8986dd93a8d
    MD5: 6fae0e031fa2aa7dd51296b6030a3fb1
    CRC-32: 752e10ec
    File type: Configuration Data File (generic)
    First seen: 2013-03-27
Registry Keys Created
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; not rendered)
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; not rendered)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\wbem\scrcons.exe
HTTP Requests
  • http://bailianlan.c.dwyu.com/wintt/1.php
  • http://bailianlan.c.dwyu.com/wintt/pc_000C29D6E505_2012@.c
DNS Requests
  • bailianlan.c.dwyu.com

Example 3

File Information

Size: 313K
SHA-1: 99d17ec08c8a60b4ce100d6f88b262731f6e4572
MD5: 9e5fd52290a4e30d33918a9a7c85e99b
CRC-32: 6a291837
File type: Windows executable
First seen: 2013-03-27

Runtime Analysis

Dropped Files
  • C:\WINDOWS\NtUninstallKB\NtUninstallKB.cab
    Size: 252K
    SHA-1: ad1939f53ffbb7f780e1a470afecfbe8197d4585
    MD5: 29dcdb2a96c4edfe4a7d61ca1fe0a055
    CRC-32: cc76e18f
    File type: Microsoft CAB archive
    First seen: 2013-03-27
  • C:\WINDOWS\system32\setup.inf
    Size: 1.1K
    SHA-1: 3903493fc7b56169a21d041d2e5208fc64a2823c
    MD5: 7d5ae1aa85f49cbdfc99c3e29abbc9d5
    CRC-32: 41334433
    File type: Configuration Data File (generic)
    First seen: 2013-03-27
  • C:\WINDOWS\system32\setup.rpt
    Size: 283
    SHA-1: a4cdd7c1e3d4fd2d22f5e2d3bfa99fc22a425f68
    MD5: 96d45493cbcee4876e4bf92b591a3f94
    CRC-32: ff6c2670
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-03-27
Registry Keys Created
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; not rendered)
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary data; not rendered)
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Script\Settings
    JITDebug
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\ipconfig.exe
  • c:\windows\system32\wbem\scrcons.exe
HTTP Requests
  • http://89757.x.gg/54321/1.php
  • http://89757.x.gg/54321/pc_000C29A8F5E8_w1229@.c
DNS Requests
  • 89757.x.gg
