Sus/Dropper-R

Category: Suspicious files and behaviours
Protection available since: 21 Sep 2007 11:33:21 (GMT)
Type: Suspicious file
Last updated: 08 Jul 2011 17:49:42 (GMT)


Summary

Files detected as Sus/Dropper-R exhibit suspicious behaviour.

Detailed analysis

Example behaviours of Sus/Dropper-R follow:

Example 1

Runtime Analysis

Dropped Files
  • C:\microsoft.dll
  • C:\microsoft.exe
Processes Created
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://www.greekembassy.nl/press/modules/PostCalendar/pntemplates/metaglo/complaint.html
DNS Requests
  • www.greekembassy.nl

Example 2

Runtime Analysis

Dropped Files
  • C:\microsoft.exe
  • C:\microsoft.dll
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010090620100913
    CacheOptions: 0x0000000b
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012010092120100922
    CacheOptions: 0x0000000b
Processes Created
  • c:\program files\internet explorer\iexplore.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://empoweredyouthchurch.net/b2evolution/media/complaint.html
DNS Requests
  • empoweredyouthchurch.net

Example 3

File Information

Size: 5.7M
SHA-1: 48a6509ae8744ba84cf70537f8aae7af761649f9
MD5: 9bb8011de752d68870b7fe4a0798137c
CRC-32: a604425a
File type: application/x-ms-dos-executable
First seen: 2010-09-06

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\Crying Damson.exe
  • C:\Documents and Settings\support\Local Settings\Temp\CRYING DAMSON.EXE
    Size: 5.0M
    SHA-1: f592c6780ce3c14511695395f5f10084dc1344ca
    MD5: e7602971885ce987f90ea4f6d195fff3
    CRC-32: f310cf8b
    File type: application/x-ms-dos-executable
    First seen: 2010-09-07
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\iconv.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\zlib1.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libxml2-2.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\sqlite3.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libiconv-2.dll
  • C:\Documents and Settings\support\Local Settings\Temp\SERWER.EXE
    Size: 700K
    SHA-1: bb1fd4750a7c12dc00a499880df94b128b9b275b
    MD5: 90803ea3feeda6c03d842b5513e87d4f
    CRC-32: b86076d1
    File type: application/x-ms-dos-executable
    First seen: 2010-09-07
  • C:\Documents and Settings\support\Start Menu\Programs\Startup\nssvc32.exe
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\mysql.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libxml2.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\lua5.1.dll
  • C:\Documents and Settings\support\Local Settings\Temp\WINDOWS\libmysql.dll
Processes Created
  • c:\docume~1\support\locals~1\temp\crying damson.exe
  • c:\docume~1\support\locals~1\temp\serwer.exe
  • c:\windows\system32\dwwin.exe
