Sus/GUnkPack-A

Category: Suspicious files and behaviour
Type: Suspicious file
Protection available since: 15 Sep 2010 08:48:34 (GMT)
Last updated: 30 Sep 2010 13:25:40 (GMT)


Summary

Files detected as Sus/GUnkPack-A exhibit suspicious behavior.

Detailed analysis

Example behaviors of Sus/GUnkPack-A follow:

Example 1

Other vendor detection:
  • Avira: TR/Dropper.Gen
  • Kaspersky: Packed.Win32.Tdss.f
  • Trend: TROJ_FAKEAV.XB

Example 2

Other vendor detection:
  • Avira: TR/Autorun.409637
  • Kaspersky: Worm.Win32.AutoRun.fvc
  • Trend: TROJ_VB.HZZ

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\explorer.exe
  • F:/RECYCLER/S-1-6-21-2434476521-1645641927-702000330-1542/redmond.exe
Dropped Files
  • C:\WINDOWS\system32\schost.exe
  • F:/RECYCLER/S-1-6-21-2434476521-1645641927-702000330-1542/Desktop.ini
  • F:/autorun.inf
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\WINDOWS\system32\explorer.exe
    C:\WINDOWS\system32\explorer.exe:*:Enabled:Explorer
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    QnX
    C:\WINDOWS\system32\schost.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service
    FailureActions
    0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion
    (Default)
    H1UYEEMA[QRspr{gm8;Rhaa}%ktn
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    FailureActions
    0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
  • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc
    FailureActions
    0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U}
    StubPath
    "C:\WINDOWS\system32\schost.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Internet Explorer Updater
    C:\WINDOWS\system32\explorer.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
    internet
    09
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
HTTP Requests
  • http://whatismyip.com/automation/n09230945.asp
DNS Requests
  • bogus.com
  • test.com
  • wibble.com
  • www.whatismyip.com
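The runtime artifacts above are what a responder would sweep a host for. The PowerShell below is an added example, not part of the Sophos analysis: it performs a read-only check for the listed files, the removable-drive autorun.inf and RECYCLER payload, the Run, Policies\Explorer\Run, firewall AuthorizedApplications and Active Setup persistence entries, and the wscsvc and ERSvc service state (Start=4 is SERVICE_DISABLED), and it decodes the FailureActions blob using the Win32 SERVICE_FAILURE_ACTIONS layout. The function name ConvertFrom-FailureActions and the $Hits reporting are my own; the Active Setup check matches on StubPath rather than on the GUID shown, because that GUID is not a valid hex GUID. The HTTP and DNS indicators are left to proxy and DNS logs.

```powershell
# Read-only sweep for the Sus/GUnkPack-A artifacts listed in the runtime analysis.
# Added example, not Sophos code. Run in an elevated PowerShell 5.1+ session on the
# host under investigation; it only reads and reports, it does not remediate.
$Hits = @()

# 1. Dropped / copied files. The real explorer.exe lives in %WINDIR%, not system32,
#    so a copy under system32 is suspicious by location alone; schost.exe mimics svchost.exe.
foreach ($f in "$env:WINDIR\system32\explorer.exe", "$env:WINDIR\system32\schost.exe") {
    if (Test-Path -LiteralPath $f) { $Hits += "File present: $f" }
}

# 2. Removable drives (DriveType 2): autorun.inf at the root plus the payload under RECYCLER\<SID>\.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $root = "$($_.DeviceID)\"
    if (Test-Path -LiteralPath (Join-Path $root 'autorun.inf')) { $Hits += "autorun.inf on $($_.DeviceID)" }
    Get-ChildItem -LiteralPath (Join-Path $root 'RECYCLER') -Recurse -Filter 'redmond.exe' -ErrorAction SilentlyContinue |
        ForEach-Object { $Hits += "Payload: $($_.FullName)" }
}

# 3. Registry values. Match = $null means "flag the value if it exists at all".
$AuthApps = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$RegChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';                  Name = 'Internet Explorer Updater';          Match = 'explorer.exe' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'; Name = 'QnX';                                Match = 'schost.exe' }
    @{ Key = $AuthApps;                                                               Name = "$env:WINDIR\system32\explorer.exe"; Match = 'Enabled' }
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer';             Name = 'internet';                           Match = $null }
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion';                   Name = '';                                   Match = $null }  # '' = (Default)
)
foreach ($c in $RegChecks) {
    $key = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    $data = $key.GetValue($c.Name)   # GetValue avoids wildcard/backslash parsing of -Name
    if ($null -ne $data -and (-not $c.Match -or "$data" -like "*$($c.Match)*")) {
        $Hits += "Registry: $($c.Key) [$($c.Name)] = $data"
    }
}

# 4. Active Setup: the GUID in the analysis is not a real hex GUID, so match any
#    Installed Components entry whose StubPath launches schost.exe.
Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components' -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = $_.GetValue('StubPath')
    if ($stub -like '*schost.exe*') { $Hits += "Active Setup: $($_.PSChildName) StubPath = $stub" }
}

# 5. Services. Start=4 is SERVICE_DISABLED; wscsvc is Security Center, ERSvc is Error
#    Reporting. FailureActions is a SERVICE_FAILURE_ACTIONS blob: dwResetPeriod,
#    lpRebootMsg, lpCommand, cActions, lpsaActions (five DWORDs), followed by cActions
#    SC_ACTION pairs of (type, delay in ms). Function name is mine.
function ConvertFrom-FailureActions([byte[]]$Blob) {
    if ($Blob.Length -lt 20) { return 'malformed blob' }
    $types   = @{ 0 = 'None'; 1 = 'Restart'; 2 = 'Reboot'; 3 = 'RunCommand' }
    $reset   = [BitConverter]::ToUInt32($Blob, 0)
    $count   = [BitConverter]::ToUInt32($Blob, 12)
    $actions = for ($i = 0; $i -lt $count; $i++) {
        $off = 20 + 8 * $i
        if ($off + 8 -gt $Blob.Length) { break }
        '{0} after {1} ms' -f $types[[int][BitConverter]::ToUInt32($Blob, $off)], [BitConverter]::ToUInt32($Blob, $off + 4)
    }
    "reset period ${reset}s; " + ($actions -join ', ')
}
foreach ($svc in 'wscsvc', 'ERSvc', 'Sophos AutoUpdate Service') {
    $k = Get-Item -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$svc" -ErrorAction SilentlyContinue
    if (-not $k) { continue }
    if ($k.GetValue('Start') -eq 4) { $Hits += "Service ${svc}: Start=4 (disabled)" }
    $fa = $k.GetValue('FailureActions')
    if ($fa) { $Hits += "Service ${svc}: FailureActions = " + (ConvertFrom-FailureActions $fa) }
}

$Hits
```

The 28-byte FailureActions blob shown in the analysis decodes to a reset period of 10 seconds and a single action, Restart after 3000 ms (0x0bb8); a service set to Start=4 will never run regardless of that restart action. The HKCU checks only see the hive of the account running the script, so run it as the user who was logged on when the infection occurred, or load that user's NTUSER.DAT and adjust the paths.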
