Troj/Destover-C

Category: Viruses and Spyware
Protection available since: 03 Dec 2014 21:39:48 (GMT)
Type: Trojan
Last Updated: 20 Dec 2014 21:07:36 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Destover-C include:

Example 1

File Information

Size: 263K
SHA-1: 7e2561eb67a6ead09f727d98b71c01f18985bbb9
MD5: d1c27ee7ce18675974edf42d4eea25c6
CRC-32: 808e39c0
File type: Windows executable
First seen: 2014-12-03

Other vendor detection

Avira: TR/Agent.268579

Runtime Analysis

Dropped Files
  • C:\igfxtrayex.exe
    Size: 244K
    SHA-1: 1c66e67a8531e3ff1c64ae57e6edfde7bef2352d
    MD5: 760c35a80d758f032d02cf4db12d3e55
    CRC-32: 60ef4dd1
    File type: Windows executable
    First seen: 2014-12-03
  • C:\WINDOWS\system32\net_ver.dat
    Size: 1.9K
    SHA-1: aad89e25cf63bbbb87f5488349e37a57c9ee8539
    MD5: 7be38c8d7de88ec342b483efa8804810
    CRC-32: bf957280
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2014-12-03
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\WinsSchMgmt\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\WinsSchMgmt\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\WinsSchMgmt
    FailureActions
  • HKLM\SYSTEM\CurrentControlSet\Services\brmgmtsvc\Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\brmgmtsvc\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\brmgmtsvc
    FailureActions
Processes Created
  • c:\igfxtrayex.exe
IP Connections

Example 2

File Information

Size: 64K
SHA-1: 144db769798eda8c0aed79a700e756a60890e2a6
MD5: 4f8c6a83d2bee4b0f41a74085dce1d5d
CRC-32: 5a73a090
File type: Windows executable
First seen: 2014-12-10