Summary
Troj/Pushdo-Gen is a Trojan.
Detailed analysis
Example behaviors of Troj/Pushdo-Gen follow:
Example 1
Runtime Analysis
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
  - Count
    - 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\runtime
  - ImagePath
    - \??\C:\WINDOWS\System32\drivers\runtime.sys
Processes Created
- c:\program files\internet explorer\iexplore.exe
HTTP Requests
- http://-/40e8001430303030303030303030303030303030303031306c0000015166000000007600000002
IP Connections
Example 2
Runtime Analysis
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\runtime
  - ImagePath
    - \??\C:\WINDOWS\System32\drivers\runtime.sys
- HKLM\SYSTEM\CurrentControlSet\Services\Secdrv\Enum
  - Count
    - 0x00000000
Processes Created
- c:\program files\internet explorer\iexplore.exe
HTTP Requests
- http://-/40e8001430303030303030303030303030303030303031306c0000003c66000000007600000002
IP Connections
Example 3
Runtime Analysis
Dropped Files
- C:\WINDOWS\system32\drivers\Rbh06.sys
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rbh06.sys
  - (Default)
    - Driver
- HKLM\SYSTEM\CurrentControlSet\Services\Rbh06\Security
  - Security
    - 01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\SYSTEM\CurrentControlSet\Services\Rbh06
  - Group
    - SCSI Class
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rbh06.sys
  - (Default)
    - Driver
Processes Created
- c:\windows\system32\cmd.exe