Mal/HerpBot-B

Category: Viruses and Spyware
Protection available since: 27 Mar 2012 20:34:09 (GMT)
Type: Malicious behavior
Last Updated: 27 Mar 2012 20:34:09 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/HerpBot-B include:

Example 1

File Information

Size
65K
SHA-1
63e1330a33985833f3553045439f940c6ff0287a
MD5
1c47a02523c13f36ee9b27ad6e8375b3
CRC-32
c407c1dc
File type
application/x-ms-dos-executable
First seen
2012-02-21

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Invader

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\gpresultl.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\7bfdc0d1-d5a3-4650-a36b-afe9d38c22ef
    Size
    388
    SHA-1
    a1c1741fdf9245a8fd113cfb1dd1d9f6b60e55dd
    MD5
    3c6a1dad7a3a7b6708f9365372ebe001
    CRC-32
    8dc43c06
    File type
    application/octet-stream
    First seen
    2012-03-27
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\3310a4fa6cb9c60504498d7eea986fc2_26c19984-2a01-45b5-a7b3-a568af60c200
    Size
    50
    SHA-1
    cf7fffa410795cc2f7703755f0acd17b51a44ad7
    MD5
    45218adff3ea5bde8a8f61987f0f458b
    CRC-32
    a87a9dbc
    File type
    Unspecified binary - probably data
    First seen
    2010-08-30
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\HSetting
    id
    12488
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gpresultl
    "c:\Documents and Settings\test user\Application Data\gpresultl.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\gpresultl.exe
  • c:\windows\system32\verclsid.exe
DNS Requests
  • www.zeroxcode.net

Example 2

File Information

Size
68K
SHA-1
9637b34c6df5799217cfccc597e2daf8581ab172
MD5
8623b0d69fcc3a79f8ce8f39ec3b6b29
CRC-32
8c2a4f5d
File type
application/x-ms-dos-executable
First seen
2012-02-17

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\gpresultl.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\90e5575c-a2e1-4e81-8d59-8e5244dfb8ef
    Size
    388
    SHA-1
    14aa8b1d1bb90fb4e8563b57f5238468a14d4b32
    MD5
    63de915b740a0925c48f585f20fb1ae8
    CRC-32
    b1ac13c7
    File type
    application/octet-stream
    First seen
    2012-03-27
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\3310a4fa6cb9c60504498d7eea986fc2_26c19984-2a01-45b5-a7b3-a568af60c200
    Size
    50
    SHA-1
    cf7fffa410795cc2f7703755f0acd17b51a44ad7
    MD5
    45218adff3ea5bde8a8f61987f0f458b
    CRC-32
    a87a9dbc
    File type
    Unspecified binary - probably data
    First seen
    2010-08-30
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\HSetting
    id
    12488
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gpresultl
    "c:\Documents and Settings\test user\Application Data\gpresultl.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\gpresultl.exe
DNS Requests
  • www.zeroxcode.net

Example 3

File Information

Size
103K
SHA-1
ae8a05accdc35870f2391a56aa3295052678e1d6
MD5
7fca2d39069ecc9ccb6d2eb7e317961c
CRC-32
ff9a9e52
File type
application/x-ms-dos-executable
First seen
2012-02-27

Other vendor detection

Kaspersky
HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\gpresultl.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\3310a4fa6cb9c60504498d7eea986fc2_26c19984-2a01-45b5-a7b3-a568af60c200
    Size
    50
    SHA-1
    cf7fffa410795cc2f7703755f0acd17b51a44ad7
    MD5
    45218adff3ea5bde8a8f61987f0f458b
    CRC-32
    a87a9dbc
    File type
    Unspecified binary - probably data
    First seen
    2010-08-30
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\44b8c700-562e-41da-ba46-283c0832cf63
    Size
    388
    SHA-1
    db9b723b8e52563ec3416622deb1622f19161581
    MD5
    d14d215fe5461d5642a8988ede0e70be
    CRC-32
    da47a004
    File type
    application/octet-stream
    First seen
    2012-03-27
Modified Files
  • %SYSTEM%\d3d9caps.dat
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Microsoft\Direct3D\MostRecentApplication
    Name
    gpresultl.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gpresultl
    "c:\Documents and Settings\test user\Application Data\gpresultl.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\gpresultl.exe
DNS Requests
  • www.zeroxcode.net
