Sus/MoleUltr-A

Category: Suspicious files and behaviour
Type: Suspicious file
Protection available since: 08 Jun 2010 12:37:32 (GMT)
Last updated: 08 Jul 2011 17:49:42 (GMT)


Summary

Files detected as Sus/MoleUltr-A exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/MoleUltr-A follow:

Example 1

File Information

Size
660K
SHA-1
971e188891d51a72a57a91656094b9ce6bc65300
MD5
9e7b589142da30437189ea9ee2677ae9
CRC-32
fe419efe
File type
application/x-ms-dos-executable
First seen
2010-06-21

Other vendor detection

Avira
TR/VB.Inject.675616.BP
Kaspersky
Trojan.Win32.VBKrypt.ckw

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SampleVB6Service\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\SampleVB6Service
    ImagePath
    c:\sample.exe

Example 2

File Information

Size
159K
SHA-1
2c53dc646dab2e80e372930cf7769ab94d704c35
MD5
8da740610c0af88f182cb1649c012202
CRC-32
3d23e742
File type
application/x-ms-dos-executable
First seen
2010-06-26

Runtime Analysis

DNS Requests
  • bad-hackers.no-ip.biz

Example 3

File Information

Size
501K
SHA-1
6cc374be3e8b5caae7cb70c141dbb79c1c92ea94
MD5
14558e1d78ba9e3cbb4cf413e478cff5
CRC-32
8fc7427b
File type
application/x-ms-dos-executable
First seen
2010-06-21

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\justic\dll
Dropped Files
  • C:\Documents and Settings\support\Local Settings\Temp\XxX.xXx
    Size
    8
    SHA-1
    4b7ea89847a8bf34cd84ece468a93e6cc613a20d
    MD5
    4ac108f7707cc0400ad3c07085159f71
    CRC-32
    eb046083
    File type
    application/octet-stream
    First seen
    2010-08-05
  • C:\Documents and Settings\support\Application Data\logs.dat
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    police
    C:\WINDOWS\system32\justic\dll
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    hkey
    C:\WINDOWS\system32\justic\dll
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7QR7VPR0-0ON3-4L35-73A5-L427Y1GY72AG}
    StubPath
    C:\WINDOWS\system32\justic\dll Restart
  • HKCU\Software\victima
    NewIdentification
    victima
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hkey
    C:\WINDOWS\system32\justic\dll
Processes Created
  • c:\program files\internet explorer\iexplore.exe
HTTP Requests
  • http://-32|
DNS Requests
  • toma2.no-ip.info
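The three runtime traces above share a small set of host and network artefacts worth hunting for: copies of the sample at fixed paths (C:\WINDOWS\system32\justic\dll, the dropped XxX.xXx and logs.dat), persistence written to the Run keys, to the rarely used Policies\Explorer\Run key and to an Active Setup StubPath (which re-executes the file at next user logon), a marker key HKCU\Software\victima, and command-and-control lookups of No-IP dynamic DNS hosts. The following script is an added example, not Sophos' code or part of the original analysis: it turns those indicators into a matcher and runs it over constructed, Sysmon-style events. The event records, the benign entries and the assumption that no-ip.org belongs to the same dynamic DNS family as the two domains on the page are mine, not the page's.

```python
# Added example (not Sophos' own code): match the Sus/MoleUltr-A runtime
# indicators listed above against constructed, Sysmon-style host events.
import hashlib
import zlib

# Indicators copied from the three examples above (SHA-1s lower-case).
KNOWN_SHA1 = {
    "971e188891d51a72a57a91656094b9ce6bc65300": "Example 1 sample",
    "2c53dc646dab2e80e372930cf7769ab94d704c35": "Example 2 sample",
    "6cc374be3e8b5caae7cb70c141dbb79c1c92ea94": "Example 3 sample",
    "4b7ea89847a8bf34cd84ece468a93e6cc613a20d": "Example 3 dropped XxX.xXx",
}
KNOWN_DNS = {"bad-hackers.no-ip.biz", "toma2.no-ip.info"}
# Both C2 names are No-IP dynamic-DNS hosts, so also flag the family.
# no-ip.org is an assumption on my part; it does not appear on the page.
DYNDNS_SUFFIXES = (".no-ip.biz", ".no-ip.info", ".no-ip.org")
IOC_PATHS = (r"\system32\justic\dll", r"\temp\xxx.xxx", r"\application data\logs.dat")
IOC_REG_KEYS = (r"hkcu\software\victima",)
# Persistence locations written in Examples 1 and 3 (compared case-insensitively).
PERSISTENCE_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
    r"\software\microsoft\active setup\installed components",
    r"\system\currentcontrolset\services",
)


def file_hashes(data: bytes) -> dict:
    """SHA-1, MD5 and CRC-32 in the format the File Information tables use."""
    return {
        "SHA-1": hashlib.sha1(data).hexdigest(),
        "MD5": hashlib.md5(data).hexdigest(),
        "CRC-32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
    }


def match_event(ev: dict) -> list:
    """Return the indicator names an event hits (empty list if nothing matched)."""
    hits = []
    kind = ev.get("type")
    if kind == "file":
        sha1 = ev.get("sha1", "").lower()
        if sha1 in KNOWN_SHA1:
            hits.append("hash:" + KNOWN_SHA1[sha1])
        path = ev.get("path", "").lower()
        if any(path.endswith(p) for p in IOC_PATHS):
            hits.append("path:" + path)
    elif kind == "registry":
        key = ev.get("key", "").lower()
        data = ev.get("data", "").lower()
        if any(key.startswith(k) for k in IOC_REG_KEYS):
            hits.append("regkey:" + key)
        # A persistence location alone is not suspicious; it is the IOC path it points at.
        if any(k in key for k in PERSISTENCE_KEYS) and any(p in data for p in IOC_PATHS):
            hits.append("persistence:" + ev.get("value", ""))
    elif kind == "dns":
        q = ev.get("query", "").lower().rstrip(".")
        if q in KNOWN_DNS:
            hits.append("dns:" + q)
        elif q.endswith(DYNDNS_SUFFIXES):
            hits.append("dyndns:" + q)
    return hits


def scan(events: list) -> dict:
    """Map event index -> hits for every event that matched at least one indicator."""
    return {i: h for i, ev in enumerate(events) if (h := match_event(ev))}


# Constructed events (not from the page) in the shape an EDR/Sysmon collector might emit.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\WINDOWS\system32\justic\dll",
     "sha1": "6cc374be3e8b5caae7cb70c141dbb79c1c92ea94"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "hkey", "data": r"C:\WINDOWS\system32\justic\dll"},
    {"type": "registry",
     "key": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7QR7VPR0-0ON3-4L35-73A5-L427Y1GY72AG}",
     "value": "StubPath", "data": r"C:\WINDOWS\system32\justic\dll Restart"},
    {"type": "registry", "key": r"HKCU\Software\victima",
     "value": "NewIdentification", "data": "victima"},
    {"type": "dns", "query": "toma2.no-ip.info"},
    {"type": "dns", "query": "cam1.no-ip.org"},      # assumed dynamic-DNS host, not on the page
    {"type": "dns", "query": "www.microsoft.com"},   # benign control
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive",                            # benign Run entry, must not match
     "data": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        print(idx, found)
```

Run as-is it reports the six indicator hits and stays silent on the two benign events. The hash routine is there so a suspect file can be compared with the tables above without trusting its filename; the persistence rule deliberately requires the value to point at one of the page's paths, because Run, Active Setup and service keys are written by plenty of legitimate software.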
