Troj/MSIL-PJ

Category: Viruses and Spyware
Protection available since: 09 Apr 2014 16:10:27 (GMT)
Type: Trojan
Last updated: 09 Apr 2014 16:10:27 (GMT)
Prevalence:


Troj/MSIL-PJ exhibits the following characteristics:

File Information

Size: 1.3M
SHA-1: 19000292b7dbcad8f113e939634dbe8d7ff69adc
MD5: bde5c19cfef565e3a3212f815f23f66f
CRC-32: 011e7b02
File type: Windows executable
First seen: 2014-04-09

Other vendor detection

Avira: TR/Dropper.MSIL.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\XXAS.EXE
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\Defender.url
  • c:\Documents and Settings\test user\Local Settings\Temp\ANDRO.EXE
  • C:\Program Files\Common Files\lsmass.exe
  • c:\Documents and Settings\test user\Application Data\FlashPlayer\svchost.exe
  • C:\Documents and Settings\All Users\Application Data\wscntfy.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    EnableBalloonTips
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows-Audio Driver
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe:*:Enabled:Windows-Audio Driver
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Windows-Network Component
    C:\Program Files\Common Files\lsmass.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe
    C:\Documents and Settings\All Users\Application Data\wscntfy.exe:*:Enabled:Windows-Audio Driver
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD37E3C0-3D7C-0122-D759-4A18123B2C87}
    IsInstalled
    0x00000001
Processes Created
  • c:\documents and settings\all users\application data\wscntfy.exe
  • c:\docume~1\support\locals~1\temp\andro.exe
  • c:\docume~1\support\locals~1\temp\xxas.exe
  • c:\program files\common files\lsmass.exe
  • c:\windows\system32\netsh.exe
DNS Requests
  • google.com
  • movie-blog.ml
