Sus/PDFJs-RE

    Kategorie: Verdächtiges Verhalten und verdächtige DateienSchutz verfügbar seit:04 Apr 2011 15:30:31 (GMT)
    Typ: Suspicious fileZuletzt aktualisiert:24 Dez 2012 10:00:15 (GMT)

    Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

    Examples of Sus/PDFJs-RE include:

    Example 1

    File Information

    Size
    73K
    SHA-1
    0ecbdda3faaae2ffd00312036232703fee6bf63f
    MD5
    01b61a7a82e8a6db894840f68bee8f0d
    CRC-32
    02ee9955
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2011-04-01

    Runtime Analysis

    Dropped Files
    • c:\Documents and Settings\test user\Local Settings\Temp\AcrA990.tmp
      Size
      358
      SHA-1
      e3cca8f39b205b327abbd62cbdd5d3a7d885bae2
      MD5
      2f41e0bf5df118d5e8f133f061217e2c
      CRC-32
      63719f1e
      File type
      Adobe Portable Document Format
      First seen
      2011-04-04
    Processes Created
    • c:\program files\adobe\reader 8.0\reader\acrord32.exe
    HTTP Requests
    • http://zkp2.cz.cc/y/l.php
    DNS Requests
    • zkp2.cz.cc

    Example 2

    File Information

    Size
    73K
    SHA-1
    220ab788e4320545dc6e3e82d731874d06d8c88c
    MD5
    a2a1168a66570ea25d194574eb31104c
    CRC-32
    c8032677
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2011-04-01

    Runtime Analysis

    Dropped Files
    • c:\Documents and Settings\test user\Application Data\Microsoft\Address Book\support.wab
      Size
      173K
      SHA-1
      634fc303fcdea758a75fb8b4eb2b8f6ef823e68f
      MD5
      b2918c2faf5fd69f905dc90c779bc7ba
      CRC-32
      7130ce53
      File type
      application/octet-stream
      First seen
      2011-04-01
    • c:\Documents and Settings\test user\Application Data\Yqiw\igumg.wuz
      Size
      1.7K
      SHA-1
      df99ce109a11c63309ddb0cbd219ec77a6659c3c
      MD5
      533eb2711b6c34f6dbd0b4902e806b6e
      CRC-32
      1b99c60e
      File type
      application/octet-stream
      First seen
      2011-04-01
    • c:\Documents and Settings\test user\Local Settings\Temp\AcrF06D.tmp
      Size
      358
      SHA-1
      7fd63653e93592c661426e073d6875006bc4afba
      MD5
      76538aa460f9440e6e0ef7e03b0ee68a
      CRC-32
      370848ee
      File type
      application/pdf
      First seen
      2011-04-01
    • c:\Documents and Settings\test user\Application Data\Hivo\myev.exe
      Size
      179K
      SHA-1
      3926e10753ecb0df00d89ea91f1d47690dc4d56e
      MD5
      0aed07d945a277d8e536daf2dab370c3
      CRC-32
      07ef8c3d
      File type
      application/x-ms-dos-executable
      First seen
      2011-04-01
    Registry Keys Created
    • HKCU\Software\Microsoft\Internet Account Manager
      Default LDAP Account
      Active Directory GC
    • HKCU\Software\Microsoft\Internet Account Manager\Accounts
      PreConfigVerNTDS
      0x00000001
    • HKCU\Software\Microsoft\WAB\WAB4
      OlkContactRefresh
      0x00000000
    • HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere
      LDAP Timeout
      0x0000003c
    • HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC
      LDAP Search Base
      NULL
    • HKCU\Software\Microsoft\Idvi
      Usewsou
      □□□□□□`□□□□□□v□pS□□□□□W□pU□0□□`□□□B□□□□□□□□3□□^□□□□□J□p/□ m□□□□□□□□□□p□□□w□□)□□□□□i□pS□□*□`□□p□□□□□□K□□□□□□□□R□□□□@□□`□□□□□□□□□□□0_□□□□0G□□C□□9□□□□0=□□/□`□□□□□□3□□□□□□□□□□@[□
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      {5DBAD8CF-32D6-B43B-5C4F-AB0CE0B626F9}
      "c:\Documents and Settings\test user\Application Data\Hivo\myev.exe"
    Registry Keys Modified
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
      1609
      0x00000000
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
      1609
      0x00000000
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
      1609
      0x00000000
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
      1609
      0x00000000
    Processes Created
    • c:\Documents and Settings\test user\local settings\temporary internet files\content.ie5\l4kr7nrv\update[1].exe
    • c:\program files\adobe\reader 8.0\reader\acrord32.exe
    • c:\windows\system32\cmd.exe
    HTTP Requests
    • http://1ctg.cz.cc/y/l.php
    • http://lldhjgjvxmvwrok.net/news/
    • http://www.google.com/webhp
    • http://xivqedvpkssuujg.biz/news/
    • http://xnpnntknkfsnizo.biz/news/
    • http://xnpnntknkfsnizo.org/news/
    DNS Requests
    • 1ctg.cz.cc
    • lldhjgjvxmvwrok.net
    • www.google.com
    • xivqedvpkssuujg.biz
    • xnpnntknkfsnizo.biz
    • xnpnntknkfsnizo.org

    Example 3

    File Information

    Size
    73K
    SHA-1
    26deaf4a241395b893ab6129ba047feb18be3b62
    MD5
    2310df12fe03ac609c5698cdafef85fb
    CRC-32
    179c75e7
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2011-04-04

    Runtime Analysis

    Dropped Files
    • c:\Documents and Settings\test user\Local Settings\Temp\AcrA971.tmp
      Size
      358
      SHA-1
      5c888bdf8731733ba12eef09da0ab05089d5342d
      MD5
      ad3a8b53f65d3c1db5d24b81f3639058
      CRC-32
      c3c14e9d
      File type
      Adobe Portable Document Format
      First seen
      2011-04-04
    Processes Created
    • c:\program files\adobe\reader 8.0\reader\acrord32.exe

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Download Sophos Produkte kostenlos testen
    Jetzt downloaden