Troj/PDFEx-GX

Category: Viruses and spyware
Protection available since: 12 Sep 2012 14:00:20 (GMT)
Type: Trojan
Last updated: 05 Dec 2013 09:42:48 (GMT)
Prevalence:


Examples of Troj/PDFEx-GX include:

Example 1

File Information

Size
20K
SHA-1
03c9dca8f9c6cd308623cbbd040f229cc25a836c
MD5
40c72c665b8798bab49509f950abe5ad
CRC-32
9908a196
File type
Adobe Portable Document Format (PDF)
First seen
2012-07-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrABCC.tmp
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://fortnox.jkub.com/w.php
DNS Requests
  • fortnox.jkub.com

Example 2

File Information

Size
15K
SHA-1
15394831d623a7c61dc03446404a7ddbfa72aa0e
MD5
9a6ade2d6f5969795df9d3c53a1b5ecc
CRC-32
69d9ed1b
File type
Adobe Portable Document Format (PDF)
First seen
2012-11-15

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrCF04.tmp
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://www.unigis.uni-osnabrueck.de/plugins/content/jwsig.exe
DNS Requests
  • www.unigis.uni-osnabrueck.de

Example 3

File Information

Size
15K
SHA-1
5c827dce02369fc5ba8a97d2233e79129f27c364
MD5
379a80694f252b82e6e5b49dbda44512
CRC-32
3914650c
File type
Adobe Portable Document Format (PDF)
First seen
2012-09-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrAF28.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\wpbt1.dll
    Size
    192K
    SHA-1
    b66554096d5931707cf7ef3553dfffbcb467622a
    MD5
    5a3d99150bd9a4702a507d1ce6b1ef68
    CRC-32
    fbed6e17
    File type
    Windows executable
    First seen
    2012-09-26
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    defi.exe
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; not legibly rendered in the report)
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value; not legibly rendered in the report)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 5f 6b c5 d5 9b cd 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 20 5f 6b c5 d5 9b cd 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Processes Created
  • c:\docume~1\support\locals~1\temp\wpbt0.dll
  • c:\docume~1\support\locals~1\temp\wpbt1.dll
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://google.com/
  • http://sgdoe.de/includes/classes/subcats.exe
  • http://vivro.de/plugins/simplepie/simplepie.exe
DNS Requests
  • google.com
  • sgdoe.de
  • taskwire.net
  • vivro.de
