W32/Luder-B

Category: Viruses and spyware
Protection available since: 29 Apr 2013 20:18:37 (GMT)
Type: Win32 worm
Last updated: 30 Apr 2013 09:27:14 (GMT)
Prevalence:


Examples of W32/Luder-B include:

Example 1

File Information

Size: 345K
SHA-1: 5cfab88feaebf4189a546a70616fb285b58419ba
MD5: c6d8e91ba01a0e24d92875268cd46f3a
CRC-32: 82546137
File type: Windows executable
First seen: 2013-04-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Osveot\iwopl.exe
    Size: 345K
    SHA-1: 4cc9acda409f6763a3a74c99b28ea4a53fc3171a
    MD5: d767a70cf241b87211b0eaed1610b31f
    CRC-32: 239eeb69
    File type: Windows executable
    First seen: 2013-04-29
  • c:\Documents and Settings\test user\Application Data\Goog\dudu.uzg
    Size: 3.9K
    SHA-1: eabe6e17ba4813a16683c81aa24821cb4cab1d5e
    MD5: 37b49a2f11aef4dcc064888ecb2cc692
    CRC-32: f1e94e34
    File type: Unspecified binary - probably data
    First seen: 2013-04-29
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Taquepyh = "c:\Documents and Settings\test user\Application Data\Osveot\iwopl.exe"
  • HKCU\Identities
    Identity Login = 0x00098053
  • HKCU\Software\Microsoft\Qynihi
    Ywroud = [binary value; not rendered as text in the report]
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count = 0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp = 26 3d 10 23 dc 44 ce 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\osveot\iwopl.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • d71b28d222eb1f01.com

Example 2

File Information

Size: 345K
SHA-1: 4cc9acda409f6763a3a74c99b28ea4a53fc3171a
MD5: d767a70cf241b87211b0eaed1610b31f
CRC-32: 239eeb69
File type: Windows executable
First seen: 2013-04-29
