Troj/WinSpy-T

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 28 Nov 2013 03:35:49 (GMT)
Last Updated: 28 Nov 2013 03:35:49 (GMT)

Examples of Troj/WinSpy-T include:

Example 1

File Information

Size
64K
SHA-1
459913b178d20c2228dd34dc36416676e477c0cb
MD5
8d5d5be832273f216bf7ee48bb56dd06
CRC-32
077616a9
File type
Windows executable
First seen
2013-11-05

Example 2

File Information

Size
538K
SHA-1
57a2c15bdf46b47963dce3bd89a7f49483b4ed78
MD5
d8d9815b843ecfc42619eac6fbea040e
CRC-32
07f43482
File type
Windows executable
First seen
2013-11-27

Other vendor detection

Avira
TR/Agent.81920.393

Runtime Analysis

Dropped Files
  • C:\Program Files\Accessories\Common\desktop.ini
  • C:\WINDOWS\zipinfo.txt
  • C:\Program Files\Sys64\windns.exe
    Size
    244K
    SHA-1
    78ddaa6b13086124b5c0c670f8af0f6dbe427afe
    MD5
    a24124c9ebc352d894e980463194e732
    CRC-32
    706d53e9
    File type
    Windows executable
    First seen
    2013-11-05
  • C:\Program Files\Sys64\RDS.exe
    Size
    196K
    SHA-1
    63620e68b6ca6819721a491b7c08caa38f90ad74
    MD5
    be33fdba7243cfb2eafa1d42ff511b54
    CRC-32
    f8c307f6
    File type
    Windows executable
    First seen
    2013-11-05
  • C:\Program Files\Accessories\Common\KB_log.txt
    Size
    71
    SHA-1
    d2d22fe64f57c1dd253c31aa8392c2831dd7d9e2
    MD5
    8f29be876d4a6a6ba84daa9c1ea84229
    CRC-32
    a387367c
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-27
  • C:\WINDOWS\refsdm.dll
    Size
    26
    SHA-1
    a291378ec25c9bc7fb67449822a5bd8a8b5d6853
    MD5
    dc8e171933aaf99369fe30f680cfc0ad
    CRC-32
    a9c340bb
    File type
    Unspecified binary - probably data
    First seen
    2013-11-27
  • C:\Program Files\Sys64\rdbms.exe
    Size
    128K
    SHA-1
    ec83986ae32d785c07b0d57c9b476f95eef7e22e
    MD5
    b3558b171f4c5e752a82acd86d49ba10
    CRC-32
    0426fb45
    File type
    Windows executable
    First seen
    2013-11-05
  • C:\WINDOWS\ntfsv.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF3515.tmp
    Size
    16K
    SHA-1
    3e50a13f31acb1661428a97aa21b34b3ea6fb9b6
    MD5
    ea3ac8df2afe3bc204176496c3b6418c
    CRC-32
    082a2998
    File type
    Microsoft OLE2 file format
    First seen
    2013-09-15
  • C:\Program Files\Sys64\messenger.exe
    Size
    64K
    SHA-1
    459913b178d20c2228dd34dc36416676e477c0cb
    MD5
    8d5d5be832273f216bf7ee48bb56dd06
    CRC-32
    077616a9
    File type
    Windows executable
    First seen
    2013-11-05
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF9982.tmp
    Size
    16K
    SHA-1
    3e50a13f31acb1661428a97aa21b34b3ea6fb9b6
    MD5
    ea3ac8df2afe3bc204176496c3b6418c
    CRC-32
    082a2998
    File type
    Microsoft OLE2 file format
    First seen
    2013-09-15
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFA0BB.tmp
    Size
    16K
    SHA-1
    5fbade6d5a966d973cab51a23f1518df209b86de
    MD5
    50920dc8d3dd5bc6a0a73cee5f5c4447
    CRC-32
    230fc134
    File type
    Microsoft OLE2 file format
    First seen
    2013-09-15
  • C:\Program Files\Accessories\Common\PC_Active_Time.txt
    Size
    283
    SHA-1
    90d5c7ad5f0450d7d3053e61163683d77a2d13c8
    MD5
    b0071c06a6904fc89ef067edbf4eb335
    CRC-32
    ee83a412
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-27
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFA48E.tmp
    Size
    16K
    SHA-1
    0a00cf35210cdc48f3e3b577f80282ccbf35c71c
    MD5
    f65d0ac429dffd4fd75c6b0549e83cd7
    CRC-32
    5be3e0fc
    File type
    Microsoft OLE2 file format
    First seen
    2013-09-20
  • C:\Program Files\Accessories\Common\Online_Time.txt
    Size
    190
    SHA-1
    37cb174e8ecd9b21b684b5692f605bca7bb54ca0
    MD5
    d70c7f471d2102dceefef91a59c07d31
    CRC-32
    0f69619d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-27
  • C:\Program Files\Accessories\Common\Websites_Detail.txt
    Size
    272
    SHA-1
    d067426cf6048ae8260d63a35ee1f4444060e33a
    MD5
    ca070bbbbc54d037d3e41c328d4226ac
    CRC-32
    1baf5c8a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-27
  • C:\WINDOWS\system32\inobject.dll
  • C:\Program Files\Accessories\Common\Websites_Summary.txt
    Size
    89
    SHA-1
    9dc41c45583649851f4403abf9d69eeff651390c
    MD5
    63a92efcb9c591825b3a12d36e88663c
    CRC-32
    d0ccb162
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-11-27
Modified Files
  • %SYSTEM%\MSWINSCK.OCX
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\PROGRA~1\Sys64\windns.exe
    C:\PROGRA~1\Sys64\windns.exe:*:Enabled:windns.exe
  • HKLM\SOFTWARE\MSI64
    RECO
    71
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    NetDDE
    C:\PROGRA~1\Sys64\windns.exe
Registry Keys Modified
  • HKCR\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
    (Default)
    Microsoft Winsock Control 6.0 (SP5)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden
    0x00000002
Processes Created
  • c:\docume~1\support\locals~1\temp\compress0\java.exe
  • c:\program files\sys64\messenger.exe
  • c:\program files\sys64\rdbms.exe
  • c:\program files\sys64\rds.exe
  • c:\progra~1\sys64\windns.exe
  • c:\windows\system32\cacls.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\sc.exe
IP Connections
  • 198.24.157.58:14001
  • 198.24.157.58:17173
  • 198.24.157.58:17175
  • 198.24.157.58:27171
  • 198.24.157.58:27181
  • 198.24.157.58:37
DNS Requests
  • www.google.net

Example 3

File Information

Size
196K
SHA-1
63620e68b6ca6819721a491b7c08caa38f90ad74
MD5
be33fdba7243cfb2eafa1d42ff511b54
CRC-32
f8c307f6
File type
Windows executable
First seen
2013-11-05