GreyGray

Category: Adware and PUAs
Protection available since: 28 Jan 2014 04:39:47 (GMT)
Type: Adware
Last updated: 28 Jan 2014 04:39:47 (GMT)


Examples of GreyGray include:

Example 1

File Information

Size
100K
SHA-1
08428249bcb22f08ba5285048a4a9e5afb24f8f7
MD5
48cdb8d668b13360a7aea01e10258c4d
CRC-32
fbb22d27
File type
Windows executable
First seen
2014-01-25

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
    Size
    533
    SHA-1
    5203a6bd57fbbea66d3bbbdf084d6f4d1f02a652
    MD5
    19d1e72a816f8ca238e1673660b7d962
    CRC-32
    fb667a05
    File type
    Encoded certificate
    First seen
    2013-12-21
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size
    53K
    SHA-1
    509a4695add9e9709c2e673529ed53c7d0d0abd8
    MD5
    37c3ac7e8dc94373c9687e748ae3578e
    CRC-32
    624046e4
    File type
    Microsoft CAB archive
    First seen
    2013-10-19
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    124
    SHA-1
    d7691fa1d61d1ba6bed0ca4fbc4680e3f23b177a
    MD5
    578463aa37613dd18c134bbaaded2759
    CRC-32
    a41b9851
    File type
    Unspecified binary - probably data
    First seen
    2014-01-25
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size
    216
    SHA-1
    fa0749417633ca4c792e524e800b9a8e11037503
    MD5
    aa26ba66d874f6180d15ee4148c452c5
    CRC-32
    be12726e
    File type
    Unspecified binary - probably data
    First seen
    2014-01-25
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size
    117K
    SHA-1
    e2ca2355a05acade3768b40f2ed054cb11ffe418
    MD5
    c5fc80c6241675658558a3e920028d41
    CRC-32
    687ae3c9
    File type
    Encoded certificate
    First seen
    2014-01-24
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
    Size
    100
    SHA-1
    3c040bd07708cf3ebe72beeae087367ddfcead74
    MD5
    2cbe9ad4c8678ae82e0d791f2d4badb5
    CRC-32
    64e5e4a9
    File type
    Unspecified binary - probably data
    First seen
    2014-01-25
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
  • HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    (Default)
    d2c1e060-e4a4-4e39-b473-7fefa9741614
HTTP Requests
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • api.greygray.biz
  • crl.verisign.com
  • csc3-2010-crl.verisign.com
  • www.download.windowsupdate.com

Example 2

File Information

File type
Windows executable

Example 3

File Information

File type
Windows executable
