Troj/Dorkbot-KP

Category: Viruses and Spyware
Protection available since: 14 Jan 2016 07:19:36 (GMT)
Type: Trojan
Last Updated: 15 Jan 2016 02:29:42 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Dorkbot-KP include:

Example 1

File Information

Size: 253K
SHA-1: 048b050a388f50ca4fad095487a0cf64a3e86e3b
MD5: 655b5fde457b46bf6d11a0f041e3199f
CRC-32: 08515b05
File type: Windows executable
First seen: 2015-11-26

Runtime Analysis

Copies Itself To
  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186117711\djSaS011arbaaaa1za13a1.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    djSaS011arbaaa1za13a1
    c:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186117711\djSaS011arbaaaa1za13a1.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    djSaS011arbaaa1za13a1
    c:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186117711\djSaS011arbaaaa1za13a1.exe
IP Connections
  • 109.236.88.13:6600

Example 2

File Information

Size: 290K
SHA-1: 09788022cfa4482967853f52a5deefd60be0dafb
MD5: c33f12690dbf018dd2a9d30cdd7847bd
CRC-32: 8310d477
File type: Windows executable
First seen: 2015-11-18

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\WindowsUpdate\Live.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\temp41.tmp
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Live Installer
    c:\Documents and Settings\test user\Application Data\WindowsUpdate\Live.exe

Example 3

File Information

Size: 252K
SHA-1: 35d6398f3e3d61cc6e3cd81b7ca6dbbdf6b45508
MD5: 69a2fe45dc213e76d203720264835119
CRC-32: 61be347e
File type: Windows executable
First seen: 2015-11-27

Runtime Analysis

Copies Itself To
  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arhaaaa.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    KdjSaS011arhaaa
    c:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arhaaaa.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    KdjSaS011arhaaa
    c:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-18611771\KdjSaS011arhaaaa.exe
IP Connections
  • 178.19.109.197:6600