Sus/EncPk-LT

Category: Suspicious behaviours and files
Type: Suspicious file
Protection available since: 02 Dec 2009 16:15:38 (GMT)
Last updated: 08 Jul 2011 17:49:42 (GMT)

Summary

Files detected as Sus/EncPk-LT exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/EncPk-LT follow:

Example 1

Other vendor detection

Avira
TR/Vilsel.iot
Kaspersky
Trojan-Downloader.Win32.FraudLoad.wuis

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\seres.exe
  • C:\Documents and Settings\support\Application Data\svcst.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    SaveZoneInformation
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    mserv
    C:\Documents and Settings\support\Application Data\seres.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
Processes Created
  • c:\documents and settings\support\application data\seres.exe
  • c:\documents and settings\support\application data\svcst.exe
HTTP Requests
  • http://lersolamga5derg.com/fx1Id0MZ5EmE8Co0WBl4SP7p/6IJ
  • http://rtugamer5tbobes.com/Rn1xQv0Tqm5h8sCB0SRV4ss7y6qB
  • http://utorgtan9edoskaw.com/A1PWV0KW5biy8umM0WCA4gj7eW6U
DNS Requests
  • lersolamga5derg.com
  • orav4abdustorabe.com
  • rtugamer5tbobes.com
  • utorgtan9edoskaw.com

Example 2

Other vendor detection

Avira
TR/Agent.AH.489
Kaspersky
Packed.Win32.Krap.ah

Example 3

Other vendor detection

Avira
TR/Crypt.ZPACK.Gen
Kaspersky
Packed.Win32.Krap.ah

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Application Data\seres.exe
  • C:\Documents and Settings\support\Application Data\svcst.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    mserv
    C:\Documents and Settings\support\Application Data\seres.exe
  • HKCU\Software\Microsoft\Internet Explorer\Download
    RunInvalidSignatures
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    SaveZoneInformation
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Download
    CheckExeSignatures
    no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
    LowRiskFileTypes
    zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
Processes Created
  • c:\documents and settings\support\application data\seres.exe
  • c:\documents and settings\support\application data\svcst.exe
HTTP Requests
  • http://nebrarfsofertu.com/D1n/0Rv5Ly8JXe0G4Ex7OqU5rd
  • http://obu7leskinrodab.com/vw1App0g5GFt8Ib0kgl4Clb7AIO5i
  • http://orav4abdustorabe.com/XEw1CIn0CHr5dOB8I0l4zR7kdJ5a
DNS Requests
  • ertanue5skayert.com
  • nebrarfsofertu.com
  • obu7leskinrodab.com
  • orav4abdustorabe.com
