Troj/Malit-J

Category: Viruses and Spyware
Protection available since: 21 Jan 2014 13:00:57 (GMT)
Type: Trojan
Last updated: 21 Jan 2014 13:00:57 (GMT)
Prevalence:


Examples of Troj/Malit-J include:

Example 1

File Information

Size
60
SHA-1
3c49c24bf47465cacf41154f5bb6039dd232a7fc
MD5
4395325b5f7aed1a6d12d68adabc17e7
CRC-32
02376086
File type
ASCII text / 8-bit Unicode Transformation Format
First seen
2014-01-21

Example 2

File Information

Size
996K
SHA-1
59997a2a77212f3b5d3c9d7df39d4aa745541597
MD5
ccf0ed38d97fd5e6198c377cecbd8305
CRC-32
7146e3a6
File type
Windows executable
First seen
2014-01-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\mLt0A\mLt0A.dat
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\start.lnk
    Size
    717
    SHA-1
    8d4aa039693d7160b755276344ec5a18836bd5ce
    MD5
    528384dd7eeb05d51b78eb7684ca6f37
    CRC-32
    a4b52ae4
    File type
    Windows Shortcut file (.LNK)
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\mgmuj\81180.cmd
    Size
    60
    SHA-1
    3c49c24bf47465cacf41154f5bb6039dd232a7fc
    MD5
    4395325b5f7aed1a6d12d68adabc17e7
    CRC-32
    02376086
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\mgmuj\beBUvVCNFgpo.ISP
    Size
    404K
    SHA-1
    ff7cf0b20af8b7206a397cd59d5cfc44649bff9c
    MD5
    4f73fe315afcc9d10f9959127c5d3dba
    CRC-32
    ef946520
    File type
    application/octet-stream
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\mLt0A\mLt0A.svr
    Size
    357K
    SHA-1
    f462788d8dc2c5727373941d3dc1028b5742b0e6
    MD5
    a38735a6b9bd6863267636af51c3afa7
    CRC-32
    fd2d25ee
    File type
    Unspecified binary - probably data
    First seen
    2014-01-10
  • c:\Documents and Settings\test user\mgmuj\k
    Size
    25M
    SHA-1
    b0d8eb81349b107cfff31c3223d395478e3d98e2
    MD5
    4d98d67970874dc5b33439521cf73dbb
    CRC-32
    b715f361
    File type
    application/octet-stream
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\Application Data\Microsoft\Windows\mLt0A\mLt0A.nfo
    Size
    3.6K
    SHA-1
    07ac165ebcb03ee978ac681228d43ff04528dc73
    MD5
    5d57f522c54fe80493ffd71b3dcf2e08
    CRC-32
    ec9e2feb
    File type
    application/octet-stream
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\mgmuj\90447.vbs
    Size
    189
    SHA-1
    a119781d73c3acf33091b2a427f781fd545e71ae
    MD5
    9de0ad424f699e1af32d3e3e784a5099
    CRC-32
    f1d7abbc
    File type
    Visual Basic Script
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\mgmuj\rBRGkxryoMI.EUO
    Size
    110
    SHA-1
    16a32a3d8a93b949105a922a92177ee547eb6686
    MD5
    b74d33acd95b51a8f32ec73c7401ec52
    CRC-32
    4c7ec5b7
    File type
    Configuration Data File (generic)
    First seen
    2014-01-21
  • c:\Documents and Settings\test user\mgmuj\WindowUpdate.exe
    Size
    733K
    SHA-1
    cae4e8c730de5a01d30aabeb3e5cb2136090ed8d
    MD5
    71d8f6d5dc35517275bc38ebcc815f9f
    CRC-32
    4aca8fdb
    File type
    Windows executable
    First seen
    2012-01-31
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    mgmuj
    C:\DOCUME~1\support\mgmuj\90447.vbs
  • HKCU\Software\mLt0A
    InstalledServer
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\mgmuj\windowupdate.exe
  • c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe
HTTP Requests
  • http://cyber-sec.org/email/asp/email.php
DNS Requests
  • cyber-sec.org
  • slowburn.no-ip.biz

Example 3

File Information

Size
717
SHA-1
8d4aa039693d7160b755276344ec5a18836bd5ce
MD5
528384dd7eeb05d51b78eb7684ca6f37
CRC-32
a4b52ae4
File type
Windows Shortcut file (.LNK)
First seen
2014-01-21
