Troj/DBotMem-B

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 13 Mar 2012 16:58:05 (GMT)
Last Updated: 18 Nov 2015 04:47:34 (GMT)

Examples of Troj/DBotMem-B include:

Example 1

File Information

Size: 300K
SHA-1: 04219d3e0a228b49b4f6b6aca9052c12e880bbfc
MD5: 44b4f8e446c14762b95f1d2bb7b26202
CRC-32: 73e40a45
File type: Windows executable
First seen: 2015-06-21

Runtime Analysis

Copies Itself To
  • F:/SItSSrX.exe
  • c:\Documents and Settings\test user\Application Data\Update\Explorer.exe
  • c:\Documents and Settings\test user\Application Data\Update\Update.exe
  • c:\Documents and Settings\test user\Application Data\WindowsUpdate\Updater.exe
  • c:\Documents and Settings\test user\Application Data\c731200
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Update Installer
    c:\Documents and Settings\test user\Application Data\WindowsUpdate\Updater.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Taskman
    c:\Documents and Settings\test user\Application Data\WindowsUpdate\Updater.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Processes Created
  • c:\windows\system32\calc.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://api.wipmania.com/
DNS Requests
  • api.wipmania.com
  • n.jntbxduhz.ru
  • n.lotys.ru

Example 2

File Information

Size: 161K
SHA-1: 08a6ac1488803ee7e6eb257d54fcd0aef6978f55
MD5: acf5e4494f06e12a48ea62f520e8cbb9
CRC-32: 6db9531e
File type: Windows executable
First seen: 2013-09-17

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
HTTP Requests
  • http://api.wipmania.com/
  • http://app.wipmania.net/icon/n.api
DNS Requests
  • api.wipmania.com
  • app.wipmania.net
  • h.k211128.com

Example 3

File Information

Size: 111K
SHA-1: 090e7c693dd705c328c6797dbd5c4cd86d9d862f
MD5: 3085d88529ac71899c54c58b6259dc32
CRC-32: 6e328aaf
File type: Windows executable
First seen: 2013-12-09

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
  • c:\Documents and Settings\test user\Application Data\c731200
  • c:\Documents and Settings\test user\Local Settings\Temp\Adobe\Reader_sl.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\c731200
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe System Incorporated
    C:\DOCUME~1\support\LOCALS~1\Temp\Adobe\Reader_sl.exe
Processes Created
  • c:\windows\system32\calc.exe
  • c:\windows\system32\charmap.exe
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://api.wipmania.com/
DNS Requests
  • a.adoyou1understandme42.com
  • a.aiphon1egalaxyblack42.com
  • a.ajjjqws1fkxx42.com
  • a.amous1epadsafa42.com
  • api.wipmania.com