Sus/Behav-168

Category: Suspicious files and behaviours
Protection available since: 20 Aug 2008 17:16:52 (GMT)
Type: Suspicious file
Last updated: 08 Jul 2011 17:49:42 (GMT)

Summary

Files detected as Sus/Behav-168 exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Behav-168 follow:

Example 1

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • wow.aktash123.com

Example 2

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • tap.aktash123.com

Example 3

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Office
    C:\WINDOWS\system32\mdm.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Ole
    EnableDCOM
    N
Processes Created
  • c:\windows\system32\mdm.exe
DNS Requests
  • tap.aktash123.com
