Troj/Popclik-A

Category: Viruses and Spyware
Protection available since: 28 Jan 2012 22:34:58 (GMT)
Type: Trojan
Last updated: 28 Jan 2012 22:34:58 (GMT)
Prevalence:


Examples of Troj/Popclik-A include:

Example 1

File Information

Size: 30K
SHA-1: 4bcecfc3105fd7d5e1bbe20a3885bc52fa98ab1e
MD5: ef89091163dacbe5d13bbe030446dcd4
CRC-32: 5a42f4ee
File type: application/x-ms-dos-executable
First seen: 2012-01-22

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012012820120129
    CacheOptions
    0x0000000b
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012010920120116
    CacheOptions
    0x0000000b
HTTP Requests
  • http://clkpop.com/
  • http://clkpop.com/tmp.exe
DNS Requests
  • clkpop.com

Example 2

File Information

Size: 98K
SHA-1: d457181a814a13cf7e0304ae0e9e2a7c253b5a06
MD5: 893b2ec744f5eadbd5bb50a85e5832c1
CRC-32: 0a53f990
File type: application/x-ms-dos-executable
First seen: 2012-01-26

Runtime Analysis

Dropped Files
  • C:\Program Files\System\Driver\app.exe
    Size: 30K
    SHA-1: 4bcecfc3105fd7d5e1bbe20a3885bc52fa98ab1e
    MD5: ef89091163dacbe5d13bbe030446dcd4
    CRC-32: 5a42f4ee
    File type: application/x-ms-dos-executable
    First seen: 2012-01-22
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw3.tmp\UserInfo.dll
  • C:\Program Files\System\Driver\uninstall.exe
    Size: 50K
    SHA-1: f93bb8dd6bb7c426fceec04a2017659d8d577f7a
    MD5: 65c02719cdcf8686b55ae8b1ef9b2e41
    CRC-32: fb5d419a
    File type: application/x-ms-dos-executable
    First seen: 2012-01-28
  • C:\Documents and Settings\All Users\Start Menu\Programs\System\Driver.lnk
    Size: 740
    SHA-1: 87480b079ad79447d978950a823b4dbc54d6634e
    MD5: d35b06e4e7f7f4a3a1ac94534d049082
    CRC-32: 9de04be1
    File type: application/octet-stream
    First seen: 2012-01-28
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw3.tmp\InstallOptions.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw3.tmp\ioSpecial.ini
    Size: 668
    SHA-1: 62dc4bb4c5085f6b49afe1be39474997c8d24dff
    MD5: 6eb286f860b39124ca3c24f53ba17661
    CRC-32: c81ed621
    File type: application/octet-stream
    First seen: 2012-01-28
  • c:\Documents and Settings\test user\Local Settings\Temp\nsw3.tmp\modern-wizard.bmp
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Svc32
    C:\Program Files\System\Driver\app.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Driver
    InstallLocation
    "C:\Program Files\System\Driver"
