Sus/PDFJs-RE

Category: Suspicious files and behaviours
Protection available since: 04 Apr 2011 15:30:31 (GMT)
Type: Suspicious file
Last updated: 24 Dec 2012 10:00:15 (GMT)


Examples of Sus/PDFJs-RE include:

Example 1

File Information

Size: 73K
SHA-1: 0ecbdda3faaae2ffd00312036232703fee6bf63f
MD5: 01b61a7a82e8a6db894840f68bee8f0d
CRC-32: 02ee9955
File type: Adobe Portable Document Format (PDF)
First seen: 2011-04-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrA990.tmp
    Size: 358
    SHA-1: e3cca8f39b205b327abbd62cbdd5d3a7d885bae2
    MD5: 2f41e0bf5df118d5e8f133f061217e2c
    CRC-32: 63719f1e
    File type: Adobe Portable Document Format
    First seen: 2011-04-04
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://zkp2.cz.cc/y/l.php
DNS Requests
  • zkp2.cz.cc

Example 2

File Information

Size: 73K
SHA-1: 220ab788e4320545dc6e3e82d731874d06d8c88c
MD5: a2a1168a66570ea25d194574eb31104c
CRC-32: c8032677
File type: Adobe Portable Document Format (PDF)
First seen: 2011-04-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Address Book\support.wab
    Size: 173K
    SHA-1: 634fc303fcdea758a75fb8b4eb2b8f6ef823e68f
    MD5: b2918c2faf5fd69f905dc90c779bc7ba
    CRC-32: 7130ce53
    File type: application/octet-stream
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Application Data\Yqiw\igumg.wuz
    Size: 1.7K
    SHA-1: df99ce109a11c63309ddb0cbd219ec77a6659c3c
    MD5: 533eb2711b6c34f6dbd0b4902e806b6e
    CRC-32: 1b99c60e
    File type: application/octet-stream
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrF06D.tmp
    Size: 358
    SHA-1: 7fd63653e93592c661426e073d6875006bc4afba
    MD5: 76538aa460f9440e6e0ef7e03b0ee68a
    CRC-32: 370848ee
    File type: application/pdf
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Application Data\Hivo\myev.exe
    Size: 179K
    SHA-1: 3926e10753ecb0df00d89ea91f1d47690dc4d56e
    MD5: 0aed07d945a277d8e536daf2dab370c3
    CRC-32: 07ef8c3d
    File type: application/x-ms-dos-executable
    First seen: 2011-04-01
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Account Manager
    Default LDAP Account = Active Directory GC
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts
    PreConfigVerNTDS = 0x00000001
  • HKCU\Software\Microsoft\WAB\WAB4
    OlkContactRefresh = 0x00000000
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere
    LDAP Timeout = 0x0000003c
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC
    LDAP Search Base = NULL
  • HKCU\Software\Microsoft\Idvi
    Usewsou = (binary data; the value is not printable and could not be recovered from the page)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DBAD8CF-32D6-B43B-5C4F-AB0CE0B626F9} = "c:\Documents and Settings\test user\Application Data\Hivo\myev.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\temporary internet files\content.ie5\l4kr7nrv\update[1].exe
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://1ctg.cz.cc/y/l.php
  • http://lldhjgjvxmvwrok.net/news/
  • http://www.google.com/webhp
  • http://xivqedvpkssuujg.biz/news/
  • http://xnpnntknkfsnizo.biz/news/
  • http://xnpnntknkfsnizo.org/news/
DNS Requests
  • 1ctg.cz.cc
  • lldhjgjvxmvwrok.net
  • www.google.com
  • xivqedvpkssuujg.biz
  • xnpnntknkfsnizo.biz
  • xnpnntknkfsnizo.org

Example 3

File Information

Size: 73K
SHA-1: 26deaf4a241395b893ab6129ba047feb18be3b62
MD5: 2310df12fe03ac609c5698cdafef85fb
CRC-32: 179c75e7
File type: Adobe Portable Document Format (PDF)
First seen: 2011-04-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrA971.tmp
    Size: 358
    SHA-1: 5c888bdf8731733ba12eef09da0ab05089d5342d
    MD5: ad3a8b53f65d3c1db5d24b81f3639058
    CRC-32: c3c14e9d
    File type: Adobe Portable Document Format
    First seen: 2011-04-04
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
