Troj/Badur-S

Category: Viruses and Spyware
Protection available since: 29 Jan 2016 21:54:26 (GMT)
Type: Trojan
Last Updated: 29 Jan 2016 21:54:26 (GMT)
Prevalence: Small Number of Reports

Troj/Badur-S exhibits the following characteristics:

File Information

Size: 192K
SHA-1: 626907bbd0417fa4b5be037d8d063332a498c001
MD5: 8c3c3db06b85db77ac684547f9e6704c
CRC-32: 19b9c111
File type: Windows executable
First seen: 2015-08-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\nuocebipcotn.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\c5d8393293ce2ba62f117b2c2d55bc3e_26c19984-2a01-45b5-a7b3-a568af60c200
    Size: 1.3K
    SHA-1: f520e2b8c42da9b231859b37d8e3cad1f6108967
    MD5: 35b35e99b1aa11be35e64588f2810173
    CRC-32: f1b5accf
    File type: Unspecified binary - probably data
    First seen: 2016-01-29
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\3eb6fc90-f7e7-45f0-af76-0580d956e9ca
    Size: 388
    SHA-1: ac78a88f5c7f5990d91e644c32fdaa1360a1618a
    MD5: b63f22185c4a75347c61d292f6ffde41
    CRC-32: eeafd1c1
    File type: Unspecified binary - probably data
    First seen: 2016-01-29
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
Registry Keys Created
  • HKCU\Software\Yscaonwuyesng
    nuocebipcotnLunfazkuje
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    nuocebipcotn
    c:\Documents and Settings\test user\nuocebipcotn.exe
DNS Requests