Troj/MSIL-IR

Category: Viruses and Spyware
Protection available since: 07 Jan 2014 11:13:07 (GMT)
Type: Trojan
Last updated: 12 Feb 2014 07:22:32 (GMT)
Prevalence:


Examples of Troj/MSIL-IR include:

Example 1

File Information

Size: 451K
SHA-1: 01a3be2e25fd88192544aeca93671827d8410a95
MD5: 3b96063ad28ffa2d115d017001d5b7f4
CRC-32: 18330735
File type: Windows executable
First seen: 2014-02-03

Runtime Analysis

Copies Itself To
  • C:\{$1284-9213-2940-1289$}\comhost.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\msconfig.ini
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\Microsoft\Sysinternals
    PROCID
    8797
Processes Created
  • c:\{$1284-9213-2940-1289$}\comhost.exe
IP Connections
  • 95.160.90.52:4416

Example 2

File Information

Size: 414K
SHA-1: 04128de220f691a3a90f097b9ee812f3b694e4b5
MD5: c1b5482977fd2cb720e3533450682318
CRC-32: a946ba3a
File type: Windows executable
First seen: 2014-02-05

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\windowsupdate.exe
  • c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe.lnk
    Size: 897
    SHA-1: 581779c5546daca84fba6d65fe0877bfe0511ee8
    MD5: 52c716d532c658722585e594274ba7a2
    CRC-32: 0eaeb983
    File type: Windows Shortcut file (.LNK)
    First seen: 2014-02-05
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    WinUpdate
    C:\WINDOWS\system32\windowsupdate.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\windowsupdate.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe,explorer.exe
  • HKLM\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify
    1
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\reg.exe
  • c:\windows\system32\windowsupdate.exe
IP Connections
  • 62.141.44.219:300

Example 3

File Information

Size: 264K
SHA-1: 0962dfc89ed43ff0bc6bd41652b8b8c0334436f1
MD5: 40e88ba1051be51f66086ed6bb87f1ae
CRC-32: e542472b
File type: Windows executable
First seen: 2011-06-27
