Mal/Vakooja-B

Category: Viruses and Spyware
Protection available since: 17 Mar 2011 12:15:32 (GMT)
Type: Malicious behavior
Last Updated: 17 Mar 2011 12:15:32 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Vakooja-B include:

Example 1

File Information

Size: 40K
SHA-1: 15ae9852b49e59bff9938d2cac2665df47941ff9
MD5: 793362134654c15c2fafcedc307efa71
CRC-32: 91b8c94c
File type: application/x-ms-dos-executable
First seen: 2010-12-22

Other vendor detection

Avira: TR/VB.Downloader.Gen
Kaspersky: Trojan-Banker.Win32.Banker.aoxf

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    iexplore.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011031720110318
    CacheOptions
    0x0000000b
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    svhost
    C:\MessengerPlus\wmplayer.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x48025225
HTTP Requests
  • http://s.ytimg.com/yt/cssbin/www-feather-vflKVb8yj.css
  • http://s.ytimg.com/yt/cssbin/www-feather_ie-vflRHHOQ7.css
  • http://s.ytimg.com/yt/img/browsers-vflEIu6dD.jpg
  • http://s.ytimg.com/yt/img/feather_sprite-vflj_pgEa.png
  • http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif
  • http://s.ytimg.com/yt/imgbin/www-master-vflu518Fu.png
  • http://s.ytimg.com/yt/jsbin/www-feather-vflDAMhq0.js
  • http://s.ytimg.com/yt/swfbin/watch_as3-vflFkxRDW.swf
  • http://www.youtube.com/watch
DNS Requests
  • s.ytimg.com
  • www.youtube.com

Example 2

File Information

Size: 100K
SHA-1: 8f6b52d91b98fefad3e65de0484540aff8ed0884
MD5: 17bd636e99bf7fa610776222da5c04c7
CRC-32: 7477210d
File type: application/x-ms-dos-executable
First seen: 2010-11-02

Other vendor detection

Avira: TR/VB.Downloader.Gen
Kaspersky: Trojan-Banker.Win32.Agent.ix

Runtime Analysis

Registry Keys Created
  • HKCU\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default
    (Default)
  • HKCU\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default
    (Default)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MSMSGS
    "C:\Program Files\Messenger\msmsgs.exe" /background
Processes Created
  • c:\program files\messenger\msmsgs.exe

Example 3

Other vendor detection

Avira: TR/VB.Downloader.Gen
Kaspersky: Trojan-Banker.Win32.Banker.anql

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    svhost
    C:\MessengerPlus\wmplayer.exe
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    iexplore.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x48025225
HTTP Requests
  • http://s.ytimg.com/yt/cssbin/www-core-vfll8nFx1.css
  • http://s.ytimg.com/yt/img/meh-vflQF1ybI.png
  • http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif
  • http://s.ytimg.com/yt/imgbin/www-master-vflu518Fu.png
  • http://s.ytimg.com/yt/jsbin/www-core-vfl_1AQ5n.js
  • http://www.youtube.com/watch
DNS Requests
  • s.ytimg.com
  • www.youtube.com
