W32/Cridex-BM

Category: Viruses and Spyware
Protection available since: 05 Apr 2013 15:56:52 (GMT)
Type: Win32 worm
Last Updated: 05 Apr 2013 15:56:52 (GMT)
Prevalence: Small Number of Reports


W32/Cridex-BM exhibits the following characteristics:

File Information

Size: 131K
SHA-1: 39095cd787ea3815df6e0cf00ef89ce4dc8478ae
MD5: 2b04bea28ebaf806f20582ecc9b54af0
CRC-32: ae0116b3
File type: Windows executable
First seen: 2013-04-03

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\KB00954719.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KB00954719.exe
    "c:\Documents and Settings\test user\Application Data\KB00954719.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\kb00954719.exe
  • c:\windows\system32\cmd.exe
IP Connections
