Troj/Bredo-AHP

Category: Viruses and spyware
Protection available since: 20 May 2013 02:25:19 (GMT)
Type: Trojan
Last updated: 20 May 2013 02:25:19 (GMT)
Prevalence:


Troj/Bredo-AHP exhibits the following characteristics:

File Information

Size: 100K
SHA-1: 3d20d5f1f69e99d37f07394fdb1ff78a66e155e5
MD5: 856f0cb900ef5b825044de1f56d40dbf
CRC-32: 1e7309e3
File type: Windows executable
First seen: 2013-05-19

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\svchost.exe
    Size: 31K
    SHA-1: 2c4366173e46ba18ae431596cd70cae4192556bc
    MD5: bddc21429a85280b0759db30a94b79b5
    CRC-32: 7a39510f
    File type: Windows executable
    First seen: 2013-05-19
  • c:\Documents and Settings\test user\Recent\ME.jpg.lnk
    Size: 811
    SHA-1: 07d1ea8ca242a21e5e291d9cdfdfe821654d1577
    MD5: 1f36de6b82f957c2ac06754cdb84b53a
    CRC-32: a96f26fa
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-05-19
  • c:\Documents and Settings\test user\Application Data\dgtftthn.exe
    Size: 31K
    SHA-1: 2c4366173e46ba18ae431596cd70cae4192556bc
    MD5: bddc21429a85280b0759db30a94b79b5
    CRC-32: 7a39510f
    File type: Windows executable
    First seen: 2013-05-19
  • c:\Documents and Settings\test user\Application Data\ME.jpg
    Size: 33K
    SHA-1: aa30c1f56c723a2ada31bec2cd6eba8a784c3c31
    MD5: 136a8d4c225fa5c8384f25df782fbe0b
    CRC-32: 612e7f26
    File type: JPEG Interchange Format
    First seen: 2013-05-02
  • c:\Documents and Settings\test user\Recent\Application Data.lnk
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    7
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched
    C:\Documents and Settings\All Users\svchost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013051920130520
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    3
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
    MRUListEx
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\Documents and Settings\test user\application data\dgtftthn.exe
  • c:\windows\system32\rundll32.exe
