Troj/dnsauce-C

Category: Viruses and Spyware Protection available since:17 May 2014 01:29:52 (GMT)
Type: Trojan Last Updated:17 May 2014 01:29:52 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/dnsauce-C exhibits the following characteristics:

File Information

Size
780K
SHA-1
016ccb7d63d2f16b92b6d33efc376cda3aa56ab1
MD5
f3b949b4b45d5c7c65dbe6da0cc7968f
CRC-32
d465504c
File type
application/x-ms-dos-executable
First seen
2014-05-13

Other vendor detection

Avira
TR/Injector.dpj.13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Windows Update.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\SysInfo.txt
  • c:\Documents and Settings\test user\Application Data\Sample.lnk
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    f203f45638fefef8c24cd49e1342801255eb8725
    MD5
    278e06b18acb01a48bbcc533624ed420
    CRC-32
    f7082e51
    File type
    Unspecified binary - probably data
    First seen
    2014-05-14
  • c:\Documents and Settings\test user\Application Data\010112.txt
    Size
    9
    SHA-1
    fd9faeb1cda95745961e6a35919807f2a4b3ffd9
    MD5
    e6620e0d5e51b0b5c2d9e0fdd54e5294
    CRC-32
    5f2b563f
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2014-05-14
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    db88a832074cf222b498eef018e2b4a056456f93
    MD5
    f44363d23cd082c1a99eb91d33e1c927
    CRC-32
    1b37c2c8
    File type
    Microsoft CAB archive
    First seen
    2014-03-12
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    sidebar
    c:\Documents and Settings\test user\Application Data\Sample.lnk
Processes Created
  • c:\Documents and Settings\test user\application data\windows update.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • www.download.windowsupdate.com

download Try Sophos products for free
Download now