Examples of Mal/SpyEye-AB include:
Example 1
File Information
- Size
- 184K
- SHA-1
- 05d807e1eff72e2040c678802ee2a21f23881bf5
- MD5
- 2c901a883500ea6e22750c8125ef5fbe
- CRC-32
- cc2a8956
- File type
- application/x-ms-dos-executable
- First seen
- 2011-12-29
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion
- UpdateWin4T
- 0x00000001
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- AutoConfigURL
- http://cutdesign.pt/imagens/contact.jsp
Registry Keys Modified
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- DefaultConnectionSettings
- 3c 00 00 00 03 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 27 00 00 00 68 74 74 70 3a 2f 2f 63 75 74 64 65 73 69 67 6e 2e 70 74 2f 69 6d 61 67 65 6e 73 2f 63 6f 6e 74 61 63 74 2e 6a 73 70 04 00 00 00 00 00 00 00 80 88 73 da f3 98 ca 01 01 00 00 00 ac 10 00 06 00 00 00 00 00 00 00 00
HTTP Requests
- http://www.amber-kh.com/js/sychro/total_visitas.php
DNS Requests
Example 2
File Information
- Size
- 116K
- SHA-1
- 0e184a7a1b1403d20897048a06b33417ad734883
- MD5
- b692b1c3fcee9980aa8d475fa565d3b2
- CRC-32
- b62a68a9
- File type
- application/x-ms-dos-executable
- First seen
- 2012-01-06
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~DF888B.tmp
Processes Created
- c:\windows\system32\svchost.exe
Example 3
File Information
- Size
- 172K
- SHA-1
- 0ee6bf493c4aa24b0003e18f4cb9d70aeb09ebd1
- MD5
- 2d4938ae4c87af5507c93b6ba551fd5a
- CRC-32
- 96ebf4fb
- File type
- application/x-ms-dos-executable
- First seen
- 2011-12-25
Runtime Analysis
HTTP Requests
- http://e.mail.ru-0372657165400983.ru/install.exe
DNS Requests
- e.mail.ru-0372657165400983.ru