Troj/Matsnu-AC

Category: Viruses and spyware
Protection available since: 24 Apr 2013 16:18:02 (GMT)
Type: Trojan
Last updated: 24 Apr 2013 16:18:02 (GMT)
Prevalence:


Troj/Matsnu-AC exhibits the following characteristics:

File Information

Size
1.4M
SHA-1
b131aec4cc153105aa4b2364a6ba1fc447db10b9
MD5
b8cb9e25400fe2708b2fa8cfbacafba6
CRC-32
1a4d5daa
File type
Windows executable
First seen
2013-04-24

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ycoqe\pieh.tmp
    Size
    563
    SHA-1
    51a8fedf3cf4afb38ac217f99baf4c5fbc33527e
    MD5
    377b31988214d946f8d85d0aea9b932d
    CRC-32
    bc7b37ca
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Temp\Purchaselist1.exe
    Size
    1.4M
    SHA-1
    f94c85b5bc1ddbe1e2407f5f01d9532495ed69fe
    MD5
    d6236f4e1e2af3a87639b0d2689b7f91
    CRC-32
    3de4e71d
    File type
    Windows executable
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Application Data\Ycoqe\pieh.fyt
    Size
    477
    SHA-1
    89d7bffb38c5ab25943be210cd8211bde94ea451
    MD5
    866ee614ea8011ad312a459cff05f337
    CRC-32
    34404643
    File type
    Unspecified binary - probably data
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0xCF28318C611AD3E8\bot.exe
    Size
    17K
    SHA-1
    3f25b5cf50cd9b0e97cc3cbff3cfc32ce9f9334d
    MD5
    06f6f517e63cd2067ee74d4af572a410
    CRC-32
    62aae743
    File type
    Windows executable
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0x5012597E1062D49C\cmd.exe
    Size
    17K
    SHA-1
    74907c4ac410ab9a37de1d02491d5a7bb6ea0517
    MD5
    9012e745bb82541fd3698d4de20c77d0
    CRC-32
    01d0e4a9
    File type
    Windows executable
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\xsandbox.bin
    Size
    16
    SHA-1
    748532edeb86496c8efe5e2327501d89ec1f13df
    MD5
    ec3d19e8e9b05d025cb56c2a98ead8e7
    CRC-32
    52861c96
    File type
    Unspecified binary - probably data
    First seen
    2012-10-31
  • c:\Documents and Settings\test user\Local Settings\Application Data\Spoon\Sandbox\1.0.0.0\local\stubexe\0xCF28318C611AD3E8\quhu.exe
    Size
    17K
    SHA-1
    88905110a60bda07739f7a14fa0ede1dfee725f2
    MD5
    7676a1a200a26bff8fb15a3658c154b3
    CRC-32
    1a6ed639
    File type
    Windows executable
    First seen
    2013-04-24
  • c:\Documents and Settings\test user\Application Data\Onucyt\quhu.exe
    Size
    139K
    SHA-1
    a787b84bfad440b0ba563320e9c920272ff1e5fa
    MD5
    043b4c5da7d7b6e99e98771c09f145ef
    CRC-32
    1a1261b0
    File type
    Windows executable
    First seen
    2013-04-24
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {B5900658-B683-C128-79C7-9C7C8F41D583}
    "c:\Documents and Settings\test user\Application Data\Onucyt\quhu.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Avkym
    Hoamlum
    (binary data; value not rendered legibly in the source)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    b2 cc bb 4a e2 40 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\application data\spoon\sandbox\1.0.0.0\local\stubexe\0x5012597e1062d49c\cmd.exe
  • c:\Documents and Settings\test user\local settings\application data\spoon\sandbox\1.0.0.0\local\stubexe\0xcf28318c611ad3e8\bot.exe
  • c:\Documents and Settings\test user\local settings\application data\spoon\sandbox\1.0.0.0\local\stubexe\0xcf28318c611ad3e8\quhu.exe
  • c:\docume~1\support\locals~1\temp\purchaselist1.exe
HTTP Requests
  • http://sagecreekranchliving.com/fresh/cfg.bin
DNS Requests
  • sagecreekranchliving.com
  • start.spoon.net
