Troj/Upatre-FM

Category: Viruses and Spyware    Protection available since: 26 Oct 2014 20:26:04 (GMT)
Type: Trojan    Last updated: 26 Oct 2014 20:26:04 (GMT)
Prevalence:


Examples of Troj/Upatre-FM include:

Example 1

File Information

Size: 20K
SHA-1: bac41464e858b1310969f51fcca4d89a76984678
MD5: 3be39371138aa6c1ca87611defda96fd
CRC-32: 8f84e9e3
File type: Windows executable
First seen: 2014-09-25

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\paaph.exe
    Size: 88K
    SHA-1: fa9376762402bc945c3bc2cedd7599184777da13
    MD5: 188445f0a1233c8bea8a209785412128
    CRC-32: 0cb63140
    File type: Windows executable
    First seen: 2014-09-25
  • c:\Documents and Settings\test user\Local Settings\Temp\spzya.exe
    Size: 20K
    SHA-1: 6bcd555fb22a0c548fce46169157785386ce9267
    MD5: 26c8ed734327e01660c85946b778703b
    CRC-32: a1700ab1
    File type: Windows executable
    First seen: 2014-09-25
Registry Keys Created
  • HKCU\Software\AppDataLow
    {d42d0afb-3638-4326-b67b-b0cb954fba94}
    C:\DOCUME~1\support\LOCALS~1\Temp\paaph.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\paaph.exe
  • c:\docume~1\support\locals~1\temp\spzya.exe
  • c:\windows\system32\powercfg.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://-\x80L\x01\x03
  • http://helico.com/sites/att_418_add31.doc
IP Connections
  • 188.165.198.52:31809
DNS Requests
  • helico.com
  • shipfollow.org

Example 2

File Information

Size: 20K
SHA-1: 0151aa11d10d3a98bb6cec6f905ecef177538cc0
MD5: 5980dd660690e221062a30fe3fac2583
CRC-32: cfcbe694
File type: Windows executable
First seen: 2014-10-13

Example 3

File Information

Size: 20K
SHA-1: 0154940a37249b2a4593bd8144583ca8db78cf3c
MD5: 668ba5e270ab679c925b85f54eb5ad67
CRC-32: 344fb7b0
File type: Windows executable
First seen: 2007-10-01