W32/VBNA-BH

Category: Viruses and Spyware Protection available since:09 May 2013 01:52:55 (GMT)
Type: Win32 worm Last Updated:09 May 2013 01:52:55 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/VBNA-BH include:

Example 1

File Information

Size
252K
SHA-1
020ec1a397de4e96877866f882223e79c28ea480
MD5
4b3d448e337cb18ca70247db5c9cdb64
CRC-32
c47bc84b
File type
Windows executable
First seen
2013-05-07

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    pouahih
    c:\Documents and Settings\test user\pouahih.exe /r
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
  • ns1.datetoday1.com
  • ns1.datetoday1.org
  • ns1.datetoday2.com
  • ns1.datetoday2.net
  • ns1.datetoday2.org

Example 2

File Information

Size
252K
SHA-1
71b2226e1129976d7659d2772201e7720ce7a6b6
MD5
8ee31a5263c3c2a8941fdaaa172d8d19
CRC-32
e2934974
File type
Windows executable
First seen
2013-05-07

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ceosor
    c:\Documents and Settings\test user\ceosor.exe /c
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
  • ns1.datetoday1.com
  • ns1.datetoday1.org
  • ns1.datetoday2.com
  • ns1.datetoday2.net
  • ns1.datetoday2.org
  • ns1.datetoday3.com

Example 3

File Information

Size
252K
SHA-1
ceb4132360b446fcc5556792f83d507f21c0f900
MD5
513a9e9916c921d00d286c59c4700bdd
CRC-32
5bdaf1da
File type
Windows executable
First seen
2013-05-05

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    zawin
    c:\Documents and Settings\test user\zawin.exe /c
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
  • ns1.datetoday1.com
  • ns1.datetoday1.org
  • ns1.datetoday2.com
  • ns1.datetoday2.net

download Try Sophos products for free
Download now