W32/Dorkbot-FM

Category: Viruses and Spyware
Protection available since: 30 Apr 2013 09:27:14 (GMT)
Type: Win32 worm
Last updated: 30 Apr 2013 09:27:14 (GMT)
Prevalence:


Examples of W32/Dorkbot-FM include:

Example 1

File Information

Size: 3.6K
SHA-1: 5dea0f6bdda9781ff0802317fe00f43a36f51112
MD5: ac3c0eeec14ab228efd2b70985faa1d1
CRC-32: eae2cd3f
File type: Windows Codepage 1252
First seen: 2013-04-30

Example 2

File Information

Size: 101K
SHA-1: e9f149cf0f25ad192227803fc3a061ced953996c
MD5: 99970b815a92515436c9bc47bd846fef
CRC-32: 4f7752b7
File type: Windows executable
First seen: 2012-08-24

Runtime Analysis

Copies Itself To
  • F:/snkb0pt/snkb0pt.exe
  • c:\Documents and Settings\test user\Application Data\Rndtxsiljuhndpqb.exe
Dropped Files
  • F:/snkb0pt/Desktop.ini
    Size: 63
    SHA-1: 735f8b2d5f3458f8fb309da410326208b75c74c8
    MD5: 6cc375438fb76385e58c69193046dd19
    CRC-32: 7cba2fbd
    File type: Configuration Data File (generic)
    First seen: 2012-05-30
  • F:/autorun.inf
    Size: 3.6K
    SHA-1: 5dea0f6bdda9781ff0802317fe00f43a36f51112
    MD5: ac3c0eeec14ab228efd2b70985faa1d1
    CRC-32: eae2cd3f
    File type: Windows Codepage 1252
    First seen: 2013-04-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Rndtxsiljuhndpqb.exe
    "c:\Documents and Settings\test user\Application Data\Rndtxsiljuhndpqb.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\rndtxsiljuhndpqb.exe
DNS Requests
