Troj/Dloadr-DGJ

    Category: Viruses and SpywareProtection available since:22 Mar 2011 16:04:02 (GMT)
    Type: TrojanLast Updated:22 Mar 2011 16:04:02 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/Dloadr-DGJ exhibits the following characteristics:

    File Information

    Size
    345K
    SHA-1
    a04a3846fb99beba76689e08b409cc3f812e3a89
    MD5
    5bc91ff6308160e1c5389ebf59d6f996
    CRC-32
    e0ed7854
    File type
    application/x-ms-dos-executable
    First seen
    2011-03-22

    Runtime Analysis

    Copies Itself To
    • c:\Documents and Settings\test user\Local Settings\Application Data\comprovativo782900000092220137.exe
    Dropped Files
    • c:\Documents and Settings\test user\Local Settings\Application Data\aa1.exe
      Size
      1.2M
      SHA-1
      00f18d31657972b3805c5a5e80009fd8b9dae64e
      MD5
      b809c066c69af7fdf1c9cdbd22e40100
      CRC-32
      efe133c3
      File type
      application/x-ms-dos-executable
      First seen
      2011-03-22
    • c:\Documents and Settings\test user\Local Settings\Application Data\22.exe
      Size
      3.3M
      SHA-1
      2b811a3405bfdd3cd06041c8202a1215e24b516a
      MD5
      b937e373f5115e0a1be657ebfdd9015b
      CRC-32
      e62f2ce8
      File type
      application/x-ms-dos-executable
      First seen
      2011-03-22
    • c:\Documents and Settings\test user\Local Settings\Application Data\v.txt
      Size
      74
      SHA-1
      779e4e8f1cdb4b76fe9034a31bc29859a55fbf08
      MD5
      506d65062203d2e565728e07bc23c838
      CRC-32
      1e00377b
      File type
      application/octet-stream
      First seen
      2011-03-22
    Registry Keys Created
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011032220110323
      CacheLimit
      0x00002000
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011031420110321
      CacheLimit
      0x00002000
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      msnlive
      c:\Documents and Settings\test user\Local Settings\Application Data\22.exe
    Processes Created
    • c:\documents and settings\support\local settings\application data\comprovativo782900000092220137.exe
    HTTP Requests
    • http://200.13.244.245/cw-assenda/bin/ru/contador.asp
    • http://70.43.40.116/PRISM/CSS/a.gif
    • http://70.43.40.116/PRISM/CSS/b.gif
    • http://70.43.40.116/PRISM/CSS/c.gif
    • http://71.41.50.46/images/comprovativo.html
    • http://www.bpi.pt/BPILOGO.GIF
    • http://www.colegiometas.com.br/hwid.ini
    IP Connections
    • 200.13.244.245:80
    • 70.43.40.116:80
    • 71.41.50.46:80
    DNS Requests
    • naturesunshinegt.com
    • www.bpi.pt
    • www.colegiometas.com.br

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection