W32/Vobfus-DH

Category: Viruses and spyware
Protection available since: 26 Sep 2013 09:24:15 (GMT)
Type: Win32 worm
Last updated: 26 Sep 2013 09:24:15 (GMT)
Prevalence:

Examples of W32/Vobfus-DH include:

Example 1

File Information

Size: 92K
SHA-1: 027d1d4b1c70796a0e2ff4c871291a6962b542c6
MD5: e27ee773ed466c1df56b1b72ba0b91f3
CRC-32: 504eb0a9
File type: Windows executable
First seen: 2013-09-20

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    daiox
    c:\Documents and Settings\test user\daiox.exe /q
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests

Example 2

File Information

Size: 92K
SHA-1: 04afd78a35756bc7e64feff224428620fb1ca465
MD5: 61298221a2d23176ee825d93aaba06a2
CRC-32: 135514ea
File type: Windows executable
First seen: 2013-09-19

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    yxsip
    c:\Documents and Settings\test user\yxsip.exe /w
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests

Example 3

File Information

Size: 92K
SHA-1: 04f9e3a825746b1be24e470b29c458fba79dd563
MD5: 62412b6fe204d66f9e3a4136dc863656
CRC-32: c59c19d4
File type: Windows executable
First seen: 2013-09-19

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    hioovem
    c:\Documents and Settings\test user\hioovem.exe /s
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
DNS Requests
