W32/VBNA-AG

Category: Viruses and Spyware Protection available since:14 Dec 2012 00:46:40 (GMT)
Type: Win32 worm Last Updated:14 Dec 2012 00:46:40 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/VBNA-AG include:

Example 1

File Information

Size
244K
SHA-1
81bd13c411029027435f1bbe2ade156aaae80f37
MD5
706597e50b724f7cfaabe297d7b2df26
CRC-32
d3982bf5
File type
Windows executable
First seen
2012-12-04

Example 2

File Information

Size
244K
SHA-1
ac361e4b55b61f28a165b7a5b53a831913c400d2
MD5
5f7566996ec55aa950254f49d1e0b0cf
CRC-32
516ee89e
File type
Windows executable
First seen
2012-11-18

Runtime Analysis

Dropped Files
  • F:/Porn.exe
    Size
    244K
    SHA-1
    c055a53982fb8af4abfa8041cc361f3f041d384b
    MD5
    c7d8e4fc26c460713648ce7d3607264c
    CRC-32
    18d160a1
    File type
    Windows executable
    First seen
    2012-11-20
  • F:/Passwords.exe
    Size
    244K
    SHA-1
    47c940bf47a0b68c349b0da9fe1d275f26a5610f
    MD5
    ced9305cd6abe5312baeb7201309731c
    CRC-32
    b744b066
    File type
    Windows executable
    First seen
    2012-11-20
  • F:/xialeud.exe
    Size
    244K
    SHA-1
    9225ddafdddfe09a745ba815bf5187379ad5e212
    MD5
    0da1fb8468b55eeb296355c2ef982ee6
    CRC-32
    5487c1ff
    File type
    Windows executable
    First seen
    2012-11-20
  • F:/Secret.exe
    Size
    244K
    SHA-1
    9225ddafdddfe09a745ba815bf5187379ad5e212
    MD5
    0da1fb8468b55eeb296355c2ef982ee6
    CRC-32
    5487c1ff
    File type
    Windows executable
    First seen
    2012-11-20
  • F:/Sexy.exe
    Size
    244K
    SHA-1
    7634a873939a5c2f18f52c86e0eff7fcab93dc6a
    MD5
    31e509136cd835cb3b693a3d7b65f946
    CRC-32
    5856b912
    File type
    Windows executable
    First seen
    2012-11-20
  • c:\Documents and Settings\test user\xialeud.exe
    Size
    244K
    SHA-1
    1670ae0f53cff9e9434a15f4d4413e6f909d3cf6
    MD5
    ef661ed72e3f215c7cb561fbd11a24a4
    CRC-32
    57d7ff63
    File type
    Windows executable
    First seen
    2012-11-20
Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    xialeud
    c:\Documents and Settings\test user\xialeud.exe /a
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    xialeud
    c:\Documents and Settings\test user\xialeud.exe /a
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run
    c:\Documents and Settings\test user\xialeud.exe /x
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\xialeud.exe

Example 3

File Information

Size
244K
SHA-1
e959e32a36c3ebe2916dd7048b652ef5ce52afbf
MD5
929b0725b8c1882aea5c80bc7be10ab9
CRC-32
db68e0e5
File type
Windows executable
First seen
2012-11-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\jiatu.exe
    Size
    244K
    SHA-1
    24375026e6996e2cf84d21e0b48e8d2260dff41c
    MD5
    181b0f342f010d6930c42e588bcf528a
    CRC-32
    4835c7ac
    File type
    Windows executable
    First seen
    2012-11-01
  • F:/Secret.exe
    Size
    244K
    SHA-1
    18a86afa6594ebea301e880556070ef5b684510b
    MD5
    91b463837b7870e16180482aec54191e
    CRC-32
    3f472738
    File type
    Windows executable
    First seen
    2012-11-01
  • F:/Passwords.exe
    Size
    244K
    SHA-1
    57f1a99533f756757f373624e222785a3b6c3dac
    MD5
    437846e4b6b101d710f8fcc3c06a683b
    CRC-32
    dc8456a1
    File type
    Windows executable
    First seen
    2012-11-01
  • F:/Porn.exe
    Size
    244K
    SHA-1
    9fb3c86a1e40bd5d6c4d56605a7d650ebd57292f
    MD5
    eb3543860a5397144771ef5793ecedd3
    CRC-32
    73118666
    File type
    Windows executable
    First seen
    2012-11-01
  • F:/jiatu.exe
    Size
    244K
    SHA-1
    18a86afa6594ebea301e880556070ef5b684510b
    MD5
    91b463837b7870e16180482aec54191e
    CRC-32
    3f472738
    File type
    Windows executable
    First seen
    2012-11-01
  • F:/Sexy.exe
    Size
    244K
    SHA-1
    7b8e9091a105b4b8f167359c09cf2dbd1669e2e0
    MD5
    abbad81e3a7d13441c3b03f118d20923
    CRC-32
    33965fd5
    File type
    Windows executable
    First seen
    2012-11-01
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    jiatu
    c:\Documents and Settings\test user\jiatu.exe /f
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run
    c:\Documents and Settings\test user\jiatu.exe /w
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    jiatu
    c:\Documents and Settings\test user\jiatu.exe /k
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\jiatu.exe
DNS Requests
  • ns1.helpupdater.net
  • ns1.helpupdates.com

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information