W32/VBobfus-L

Category: Viruses and Spyware Protection available since:21 Nov 2012 15:31:44 (GMT)
Type: Win32 worm Last Updated:21 Nov 2012 15:31:44 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of W32/VBobfus-L include:

Example 1

File Information

Size
152K
SHA-1
9763eef2cb92a72cda9dc0ca30b1bcb134762750
MD5
072aad3862c8b61a7c049508503b0eae
CRC-32
784c97a1
File type
Windows executable
First seen
2012-11-13

Runtime Analysis

Dropped Files
  • F:/Passwords.exe
    Size
    152K
    SHA-1
    7dcf69840accbc7580be4c77df4dd5361f08c006
    MD5
    44456084830df4edb103b1dce1aeab6c
    CRC-32
    cb0c3906
    File type
    Windows executable
    First seen
    2012-11-13
  • F:/Porn.exe
    Size
    152K
    SHA-1
    f0e050c4593a663f1d4551f6aeb9e9643309a9f6
    MD5
    9cdc37ee508489271e36ed420b19e1eb
    CRC-32
    8b188e9b
    File type
    Windows executable
    First seen
    2012-11-13
  • F:/hkraoc.exe
    Size
    152K
    SHA-1
    a2800035509c2ca773f8968ad6ad8dffe1f8e73e
    MD5
    461c09f8a6a997c6aaaf137c48c6b510
    CRC-32
    3d1a5c41
    File type
    Windows executable
    First seen
    2012-11-13
  • c:\Documents and Settings\test user\hkraoc.exe
    Size
    152K
    SHA-1
    0b43a0654212dcc61747e4d341e408db902dbd45
    MD5
    838fbdf176255ed1080b80c84d45e6f1
    CRC-32
    76de10a4
    File type
    Windows executable
    First seen
    2012-11-13
  • F:/Secret.exe
    Size
    152K
    SHA-1
    a2800035509c2ca773f8968ad6ad8dffe1f8e73e
    MD5
    461c09f8a6a997c6aaaf137c48c6b510
    CRC-32
    3d1a5c41
    File type
    Windows executable
    First seen
    2012-11-13
  • F:/Sexy.exe
    Size
    152K
    SHA-1
    b53f59d03798c7358885e355373cb43850b91fd9
    MD5
    502059f24c0f08218d0edd03aa656d99
    CRC-32
    30b91b04
    File type
    Windows executable
    First seen
    2012-11-13
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hkraoc
    c:\Documents and Settings\test user\hkraoc.exe /m
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\hkraoc.exe
DNS Requests
  • ns1.helpupdated.com
  • ns1.helpupdated.net
  • ns1.helpupdated.org
  • ns1.helpupdater.net

Example 2

File Information

Size
152K
SHA-1
fac0a15fd66d6506b4aae4972ca1085a956bbe16
MD5
7dbaca6c6569791ea119fb2f9c4e3f87
CRC-32
89c809f3
File type
Windows executable
First seen
2012-11-15

Runtime Analysis

Dropped Files
  • F:/Porn.exe
    Size
    152K
    SHA-1
    3256ed610bfe561a9deb3331129a561602f35612
    MD5
    9a12b57e108dc356074d98f52791fe7f
    CRC-32
    4e8faa99
    File type
    Windows executable
    First seen
    2012-11-15
  • F:/Secret.exe
    Size
    152K
    SHA-1
    b707aea476f3928447412dc5a51ae60cca7ed83e
    MD5
    6ec3f9b61b9401a28b2650c3c9b7c88d
    CRC-32
    7596faa0
    File type
    Windows executable
    First seen
    2012-11-15
  • c:\Documents and Settings\test user\zoqip.exe
    Size
    152K
    SHA-1
    7924efb7c44d00c925357cd20e9ef10653bff571
    MD5
    7e4228ab80b5e9fd3fad2070843e3254
    CRC-32
    0595c267
    File type
    Windows executable
    First seen
    2012-11-15
  • F:/zoqip.exe
    Size
    152K
    SHA-1
    b707aea476f3928447412dc5a51ae60cca7ed83e
    MD5
    6ec3f9b61b9401a28b2650c3c9b7c88d
    CRC-32
    7596faa0
    File type
    Windows executable
    First seen
    2012-11-15
  • F:/Sexy.exe
    Size
    152K
    SHA-1
    39cfe7d98a1310c3301aa7b4a1d0ecd4adaed24b
    MD5
    8a137ceffe1a0d3f62ab7f132fcddb14
    CRC-32
    e8149f74
    File type
    Windows executable
    First seen
    2012-11-15
  • F:/Passwords.exe
    Size
    152K
    SHA-1
    b591134bb782b935f639fb4eb83598307e5de3e8
    MD5
    83e5d4a5ddc99ed0c64ea69e22f75ef7
    CRC-32
    777a2088
    File type
    Windows executable
    First seen
    2012-11-15
Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    zoqip
    c:\Documents and Settings\test user\zoqip.exe /z
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\zoqip.exe
DNS Requests
  • ns1.helpupdated.com
  • ns1.helpupdated.net
  • ns1.helpupdated.org
  • ns1.helpupdater.net

Example 3

File Information

Size
152K
SHA-1
0253a334306f7a4a030782d090591c239d7f0fa6
MD5
be11a7ac422730fc21df515c1dacb755
CRC-32
378c3699
File type
Windows executable
First seen
2012-11-15

download Try Sophos products for free
Download now