W32/Gamarue-BA

Category: Viruses and Spyware
Protection available since: 25 Apr 2013 23:00:42 (GMT)
Type: Win32 worm
Last Updated: 25 Apr 2013 23:00:42 (GMT)
Prevalence: Small Number of Reports

W32/Gamarue-BA exhibits the following characteristics:

File Information

Size: 81K
SHA-1: fe1611852166c30a4d907c097b5c3012ac11e1cb
MD5: 7ed265b1caa48a7eeb2246bb365778d8
CRC-32: 87b3f75c
File type: Windows executable
First seen: 2011-07-14

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Local Settings\Temp\ccqvfacw.com
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    30367
    C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccqvfacw.com
Processes Created
  • c:\windows\system32\wuauclt.exe
IP Connections
  • 8.8.4.4:53
  • 8.8.8.8:80
DNS Requests
  • hzmksreiuojy.biz
  • hzmksreiuojy.com
  • hzmksreiuojy.in
  • hzmksreiuojy.nl
  • hzmksreiuojy.ru
  • www.update.microsoft.com
