Mal/EncPk-AHC

Category: Viruses and Spyware
Protection available since: 08 Oct 2012 02:15:06 (GMT)
Type: Malicious behavior
Last Updated: 08 Oct 2012 02:15:06 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/EncPk-AHC include:

Example 1

File Information

Size: 170K
SHA-1: bfc58a3e414c0328ff2bcc11d9f54fad51833c5c
MD5: 81ee8229a08a55c871b2a7ee2afbca7f
CRC-32: 0f25e759
File type: Windows executable
First seen: 2007-06-18

Example 2

File Information

Size: 145K
SHA-1: 01a8478ae41e836746f339d3560fa64c9d6ae400
MD5: 8f906d5e784854814f426bcf79c3e214
CRC-32: 24d425b0
File type: Windows executable
First seen: 2012-09-26

Example 3

File Information

Size: 144K
SHA-1: 077069ebaca1fb107c8691764baa8feaad1e5a0a
MD5: 27c3ada8a2b99d8e96cacb99dd523ffc
CRC-32: 45cf9b57
File type: Windows executable
First seen: 2012-09-20

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\ctfmon.lnk
    Size: 990
    SHA-1: cbcbc324b22af50651fdda452b331fab70f4f7f0
    MD5: dc782004c021082ab8cd7d105bf5d909
    CRC-32: bdb0b610
    File type: Windows Shortcut file (.LNK)
    First seen: 2012-09-23
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 80M
    SHA-1: 246de89d2ed9d5dc87eba5cfd60b5bc3f17b7e75
    MD5: a3432c18104db21e7c72208aec4fe801
    CRC-32: 42edf458
    File type: Unspecified binary - probably data
    First seen: 2012-09-23
  • C:\Documents and Settings\All Users\Application Data\lsass.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500 = 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
IP Connections
  • 146.185.255.194:443
DNS Requests
  • whatwillber.com