Troj/Dloadr-DGJ

Category: Viruses and Spyware
Protection available since: 22 Mar 2011 16:04:02 (GMT)
Type: Trojan
Last Updated: 22 Mar 2011 16:04:02 (GMT)
Prevalence: Small Number of Reports


Troj/Dloadr-DGJ exhibits the following characteristics:

File Information

Size: 345K
SHA-1: a04a3846fb99beba76689e08b409cc3f812e3a89
MD5: 5bc91ff6308160e1c5389ebf59d6f996
CRC-32: e0ed7854
File type: application/x-ms-dos-executable
First seen: 2011-03-22

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\comprovativo782900000092220137.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\aa1.exe
    Size: 1.2M
    SHA-1: 00f18d31657972b3805c5a5e80009fd8b9dae64e
    MD5: b809c066c69af7fdf1c9cdbd22e40100
    CRC-32: efe133c3
    File type: application/x-ms-dos-executable
    First seen: 2011-03-22
  • c:\Documents and Settings\test user\Local Settings\Application Data\22.exe
    Size: 3.3M
    SHA-1: 2b811a3405bfdd3cd06041c8202a1215e24b516a
    MD5: b937e373f5115e0a1be657ebfdd9015b
    CRC-32: e62f2ce8
    File type: application/x-ms-dos-executable
    First seen: 2011-03-22
  • c:\Documents and Settings\test user\Local Settings\Application Data\v.txt
    Size: 74
    SHA-1: 779e4e8f1cdb4b76fe9034a31bc29859a55fbf08
    MD5: 506d65062203d2e565728e07bc23c838
    CRC-32: 1e00377b
    File type: application/octet-stream
    First seen: 2011-03-22
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011032220110323
    CacheLimit: 0x00002000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011031420110321
    CacheLimit: 0x00002000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnlive: c:\Documents and Settings\test user\Local Settings\Application Data\22.exe
Processes Created
  • c:\documents and settings\support\local settings\application data\comprovativo782900000092220137.exe
HTTP Requests
  • http://200.13.244.245/cw-assenda/bin/ru/contador.asp
  • http://70.43.40.116/PRISM/CSS/a.gif
  • http://70.43.40.116/PRISM/CSS/b.gif
  • http://70.43.40.116/PRISM/CSS/c.gif
  • http://71.41.50.46/images/comprovativo.html
  • http://www.bpi.pt/BPILOGO.GIF
  • http://www.colegiometas.com.br/hwid.ini
IP Connections
  • 200.13.244.245:80
  • 70.43.40.116:80
  • 71.41.50.46:80
DNS Requests
  • naturesunshinegt.com
  • www.bpi.pt
  • www.colegiometas.com.br