Mal/Behav-130

Category: Viruses and Spyware
Protection available since: 03 Jul 2007 11:53:26 (GMT)
Type: Malicious behavior
Last updated: 08 Jul 2014 22:04:42 (GMT)
Prevalence:


Examples of Mal/Behav-130 include:

Example 1

File Information

Size: 878K
SHA-1: 002d2d3426a75b0a2bf69f94c3cc9e5c67e48a13
MD5: 51e588fc12e94aec394999e509312c63
CRC-32: ed9b9756
File type: Windows executable
First seen: 2011-08-05

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\test_item.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    test_item.exe
    C:\Documents and Settings\All Users\Application Data\test_item.exe
DNS Requests
  • smtp.premiata.com.br

Example 2

File Information

Size: 209K
SHA-1: 00d0013ba45e57e7cc17c4a11c5ae3a6310cbc19
MD5: cb24db3aa6b90b3de51895920b21253d
CRC-32: 2f402f67
File type: Windows executable
First seen: 2010-12-03

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\config.txt
  • c:\Documents and Settings\test user\Application Data\md_58.dll
    Size: 451K
    SHA-1: 0d423017b3fbb7120dafbb1640194ea2fbbe9bc2
    MD5: 357793ca695d032db0d51865a3ae21cd
    CRC-32: cfc83c99
    File type: Windows executable
    First seen: 2010-12-07
  • c:\Documents and Settings\test user\Application Data\loader.exe
    Size: 414K
    SHA-1: fc9761aaec7773344609ecd65612d72104f4b1b8
    MD5: adbf3ab78c07f8d6aa6acb0142098e06
    CRC-32: 794a6526
    File type: Windows executable
    First seen: 2010-12-07
Registry Keys Created
  • HKCU\Software\Alx\Config
    INSTALADO
    S
  • HKCR\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}
    (Default)
    Alx2000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Play_Background_Sounds
    no
  • HKCR\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\InprocServer32
    ThreadingModel
    Apartment
  • HKCR\md_58.MsShutt_58
    (Default)
    Alx2000
  • HKCR\CLSID\{0DBB4430-2805-4FF2-AC7D-43985BC678B8}\ProgID
    (Default)
    md_58.MsShutt_58
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    loader
    c:\test_item.exe
  • HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow
    *.bradesco.com.br
Processes Created
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://mcmpessa.sites.uol.com.br/config.txt
  • http://mcmpessa.sites.uol.com.br/loader.html
  • http://mcmpessa.sites.uol.com.br/modulo.html
  • http://xvidanova.hut2.ru/avisa.php
DNS Requests
  • mcmpessa.sites.uol.com.br
  • xvidanova.hut2.ru

Example 3

File Information

Size: 155K
SHA-1: 01365ba4b6829a5549ec9b25af59bbb7f330c1e9
MD5: 87216554f067d8631a87935de3a6bde5
CRC-32: c984f669
File type: Windows executable
First seen: 2012-11-09

Runtime Analysis

DNS Requests
  • s3-sa-east-1.amazonaws.com
