Troj/Bckdr-RGU

Category: Viruses and Spyware
Type: Trojan
Protection available since: 13 Apr 2011 22:07:12 (GMT)
Last Updated: 13 Apr 2011 22:07:12 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Bckdr-RGU include (Example 1, a 61-byte file, is the MouseDriver.bat dropped by Example 2: the SHA-1, MD5 and CRC-32 values are identical):

Example 1

File Information

Size
61
SHA-1
5383ee2041d9b1be27231f681e4fc85fbd390b63
MD5
6ecef55b7ee2b240bd84c2b640e6e52f
CRC-32
21bbe2f8
File type
application/octet-stream
First seen
2011-04-11

Example 2

File Information

Size
46K
SHA-1
6f767bed459389a4c9def8a6098609eecbf3bee4
MD5
ac3bf341b2c148f20ae80349127ebfbc
CRC-32
78d3b960
File type
application/x-ms-dos-executable
First seen
2011-04-11

Other vendor detection

Avira
TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\7em1.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFD709.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\MouseDriver.bat
    Size
    61
    SHA-1
    5383ee2041d9b1be27231f681e4fc85fbd390b63
    MD5
    6ecef55b7ee2b240bd84c2b640e6e52f
    CRC-32
    21bbe2f8
    File type
    application/octet-stream
    First seen
    2011-04-11
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\MouseDriver
    DisplayName
    MouseDriver
  • HKLM\SYSTEM\CurrentControlSet\Services\MouseDriver\Security
    Security
    01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    1ay9e1
    C:\DOCUME~1\support\LOCALS~1\Temp\7em1.exe
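The Security value above is a raw self-relative SECURITY_DESCRIPTOR for the MouseDriver service. Decoding it is worth the effort because a dropper that creates its own service can also grant low-privileged users rights over it. The following is an added example, not Sophos code and not part of the sample: it parses the blob exactly as listed on this page, names the SIDs and service rights using the public Windows SDK constants, and flags ACEs that hand Everyone, INTERACTIVE, Authenticated Users or BUILTIN\Users the ability to reconfigure, start or stop, delete or re-ACL the service. The two extra blobs (a NULL DACL and an Everyone-may-reconfigure DACL) are hypothetical and constructed here to show the failure modes the check must catch. For this sample the result is four allow ACEs (Local System, BUILTIN\Administrators, Authenticated Users, BUILTIN\Power Users) and one failed-access audit ACE for Everyone, which is the stock descriptor the Service Control Manager assigns to a new service on Windows XP, so the malware did not weaken the service ACL.

```python
"""Decode a service's self-relative SECURITY_DESCRIPTOR (the REG_BINARY
'Security' value under HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>)
and flag DACL entries that hand low-privileged principals control of the service.
Added example for this write-up: not Sophos code and not part of the sample.
Layouts and constants follow the public Windows SDK headers (winnt.h, winsvc.h)."""
import struct

# Constructed from the hex dump listed on this page for ...\Services\MouseDriver\Security.
MOUSEDRIVER_SECURITY = bytes.fromhex(
    "01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00"
    "02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00"
    "00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00"
    "00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00"
    "00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00"
    "00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00"
    "01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00")
# Hypothetical blobs, constructed here for the two failure modes the parser must handle:
# SE_DACL_PRESENT set but DACL offset 0 (a NULL DACL, i.e. an unprotected service) ...
NULL_DACL_SECURITY = bytes.fromhex(
    "01 00 04 80 14 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00"
    "01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00")
# ... and a DACL whose single ACE grants Everyone change-config/start/stop (mask 0x32).
WEAKENED_SECURITY = bytes.fromhex(
    "01 00 04 80 30 00 00 00 3c 00 00 00 00 00 00 00 14 00 00 00 02 00 1c 00 01 00 00 00"
    "00 00 14 00 32 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00"
    "01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00")

SE_DACL_PRESENT, SE_SACL_PRESENT, SE_SELF_RELATIVE = 0x0004, 0x0010, 0x8000
ACE_TYPES = {0: "ACCESS_ALLOWED", 1: "ACCESS_DENIED", 2: "SYSTEM_AUDIT"}
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone", "S-1-5-4": "INTERACTIVE", "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System", "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-545": "BUILTIN\\Users", "S-1-5-32-547": "BUILTIN\\Power Users"}
LOW_PRIV_SIDS = {"S-1-1-0", "S-1-5-4", "S-1-5-11", "S-1-5-32-545"}
# Service-specific rights (winsvc.h) followed by the standard rights that matter for a service.
SERVICE_RIGHTS = [
    (0x0001, "SERVICE_QUERY_CONFIG"), (0x0002, "SERVICE_CHANGE_CONFIG"),
    (0x0004, "SERVICE_QUERY_STATUS"), (0x0008, "SERVICE_ENUMERATE_DEPENDENTS"),
    (0x0010, "SERVICE_START"), (0x0020, "SERVICE_STOP"), (0x0040, "SERVICE_PAUSE_CONTINUE"),
    (0x0080, "SERVICE_INTERROGATE"), (0x0100, "SERVICE_USER_DEFINED_CONTROL"),
    (0x10000, "DELETE"), (0x20000, "READ_CONTROL"), (0x40000, "WRITE_DAC"), (0x80000, "WRITE_OWNER")]
SERVICE_ALL_ACCESS = 0xF01FF
# Rights that let a principal change what the service runs, control it, or re-ACL/delete it.
WRITE_LIKE = 0x0002 | 0x0010 | 0x0020 | 0x10000 | 0x40000 | 0x80000


def parse_sid(buf, off):
    """SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian) SubAuthority[n] (LE)."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)

def parse_acl(buf, off):
    """ACL header (8 bytes) then AceCount ACEs; each ACE starts with type, flags, size, mask."""
    _rev, _sbz1, _size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, flags, ace_size = struct.unpack_from("<BBH", buf, pos)
        mask = struct.unpack_from("<I", buf, pos + 4)[0]
        aces.append({"type": ACE_TYPES.get(ace_type, "TYPE_%d" % ace_type), "flags": flags,
                     "mask": mask, "sid": parse_sid(buf, pos + 8)})
        pos += ace_size  # AceSize, not the SID length, is authoritative for the next ACE
    return aces

def parse_security_descriptor(buf):
    """SECURITY_DESCRIPTOR_RELATIVE: Revision, Sbz1, Control, Owner/Group/Sacl/Dacl offsets."""
    _rev, _sbz1, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf, 0)
    if not control & SE_SELF_RELATIVE:
        raise ValueError("registry Security values are always self-relative")
    return {
        "owner": parse_sid(buf, owner) if owner else None,
        "group": parse_sid(buf, group) if group else None,
        "sacl": parse_acl(buf, sacl) if control & SE_SACL_PRESENT and sacl else [],
        # None (no DACL, or a NULL DACL) means unprotected; [] means nobody is granted access.
        "dacl": parse_acl(buf, dacl) if control & SE_DACL_PRESENT and dacl else None}

def rights_names(mask):
    """Render an ACCESS_MASK with the winsvc.h names; bits outside the table are kept as hex."""
    if mask == SERVICE_ALL_ACCESS:
        return "SERVICE_ALL_ACCESS"
    names = [name for bit, name in SERVICE_RIGHTS if mask & bit]
    leftover = mask & ~sum(bit for bit, _ in SERVICE_RIGHTS)
    if leftover:
        names.append("0x%08x" % leftover)
    return "|".join(names) or "NONE"

def weak_aces(sd):
    """DACL findings an analyst cares about; [] means the descriptor does not weaken the service."""
    if sd["dacl"] is None:
        return ["NULL DACL: every principal has full control of the service"]
    findings = []
    for ace in sd["dacl"]:
        if ace["type"] == "ACCESS_ALLOWED" and ace["sid"] in LOW_PRIV_SIDS and ace["mask"] & WRITE_LIKE:
            who = WELL_KNOWN_SIDS.get(ace["sid"], ace["sid"])
            findings.append("%s may %s" % (who, rights_names(ace["mask"] & WRITE_LIKE)))
    return findings

if __name__ == "__main__":
    for name, blob in (("MouseDriver", MOUSEDRIVER_SECURITY), ("null-DACL", NULL_DACL_SECURITY),
                       ("weakened", WEAKENED_SECURITY)):
        print(name, weak_aces(parse_security_descriptor(blob)) or "no weak ACEs")
```

The parser walks ACEs by AceSize rather than by guessing SID length, which matters for object ACEs and for truncated hive exports, and it distinguishes a missing or NULL DACL (unprotected) from an empty one (nobody allowed), because treating both as "no entries" is the classic way to miss a wide-open service. On a live host the same bytes come from the `Security` value of the service key, or from `sc sdshow MouseDriver` in SDDL form.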
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004 (SERVICE_DISABLED: the Windows Security Center service, wscsvc, is prevented from starting, so the user is no longer warned about missing or disabled protection)
Processes Created
  • c:\docume~1\support\locals~1\temp\7em1.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\grpconv.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\rundll32.exe
  • c:\windows\system32\runonce.exe
  • c:\windows\system32\sc.exe
DNS Requests
  • w.perfectexe.com