Mal/EncPk-ADE

Category: Viruses and SpywareProtection available since:02 Mar 2012 20:25:24 (GMT)
Type: Malicious behaviorLast Updated:25 Apr 2012 02:50:28 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Mal/EncPk-ADE include:

Example 1

File Information

Size
177K
SHA-1
00155bcfd2fdad75d6527638af9c72ddb2bf2ff3
MD5
abb53953cb8b943917f89528c85cee32
CRC-32
2d49a974
File type
application/x-ms-dos-executable
First seen
2011-02-22

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\mgking.exe
Dropped Files
  • C:\WINDOWS\system32\mgking0.dll
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    king_mg
    C:\WINDOWS\system32\mgking.exe
Processes Created
  • c:\windows\explorer.exe

Example 2

File Information

Size
177K
SHA-1
002217bae43780a6feecc9abe8fc455e9b972495
MD5
c126319b7622bfe43c73ce0f1bb7308b
CRC-32
5e388c92
File type
application/x-ms-dos-executable
First seen
2012-01-09

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\mgking.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\mgking0.dll
    Size
    101K
    SHA-1
    b3a7de465a1c8dbb80dc618180b4f32cffc404d2
    MD5
    6f381fa31562116f09d5e28f88e9659f
    CRC-32
    f9744c13
    File type
    Windows executable
    First seen
    2010-11-02
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    king_mg
    C:\DOCUME~1\support\LOCALS~1\Temp\mgking.exe
Processes Created
  • c:\windows\explorer.exe

Example 3

File Information

Size
200K
SHA-1
006494ff3827423f3434b94d8285bf79b9668313
MD5
e75367e480b6f3f56523d88651285dde
CRC-32
5902f256
File type
Windows executable
First seen
2011-01-19

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\LO0Cvkl.exe
Dropped Files
  • C:\WINDOWS\system32\LO0Cvkl20.dll
    Size
    87K
    SHA-1
    4402886ddeb8366436232732d9b95be3cfee841a
    MD5
    5ab9fa06ea87e20ffe90ae30b664fb52
    CRC-32
    c12bde42
    File type
    Windows executable
    First seen
    2011-01-17
  • C:\WINDOWS\system32\LO0Cvkl10.dll
    Size
    81K
    SHA-1
    395f4bdd1820782adf92efcb9a8973e9d029682d
    MD5
    696c437f23769cb979ded6cefe3ebe60
    CRC-32
    2b453dba
    File type
    Windows executable
    First seen
    2011-01-17
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    LO0Cvkl
    C:\WINDOWS\system32\LO0Cvkl.exe
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\regsvr32.exe