Mal/Emotet-C

Category: Viruses and Spyware
Protection available since: 12 Oct 2018 21:44:42 (GMT)
Type: Malicious behavior
Last updated: 12 Oct 2018 21:44:42 (GMT)
Prevalence:

Examples of Mal/Emotet-C include:

Example 1

File Information

Size
270K
SHA-1
2fe722919fa0ad13111e4a750a825467df6317ba
MD5
b1bc02c83131cfb51fa74ebf99292f2d
CRC-32
6d2da927
File type
Windows executable
First seen
2017-07-26

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    YipNingc
    c:\Documents and Settings\test user\Local Settings\Application Data\qcxbukal\yipningc.exe
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    jfghdug_ooetvtgk
    TRUE
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\qcxbukal\yipningc.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\iehspwpi.exe
  • c:\windows\system32\svchost.exe
DNS Requests

Example 2

File Information

Size
212K
SHA-1
6e3eb60dd5eddd292b19128861a12df8d7e9fa91
MD5
3eb3576ebc6f4325a31a23ad69185c78
CRC-32
083bd72e
File type
Windows executable
First seen
2017-07-26

Runtime Analysis

Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ping.exe

Example 3

File Information

Size
450K
SHA-1
71283c3653a92cb3ee5ac7e1e7f92c115b7ac166
MD5
d3d93d9e5ee299c4f111f70fe5e1b0f0
CRC-32
836077f6
File type
Windows executable
First seen
2017-07-26