Troj/DotNet-F

Category: Viruses and Spyware
Protection available since: 17 Jan 2013 03:09:40 (GMT)
Type: Trojan
Last Updated: 19 Feb 2016 11:16:41 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/DotNet-F include:

Example 1

File Information

Size: 399K
SHA-1: 000c47fd91a04354e8c337b3cc7bae3fc4dc98dd
MD5: 46c2f5369d7c7fae5d468e113efbe39f
CRC-32: f1b2d2d7
File type: Windows executable
First seen: 2007-04-11

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\supportlog.dat
  • c:\Documents and Settings\test user\Application Data\svchost.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\support7
  • c:\Documents and Settings\test user\Local Settings\Temp\support8
  • C:\WINDOWS\system32\Windows\svchost.exe
Registry Keys Created
  • HKCU\Software\kamiz
    NewGroup
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    Policies
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    explorer.exe
    c:\Documents and Settings\test user\Application Data\kamiz-tu-soule.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Policies
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKCU
    C:\WINDOWS\system32\Windows\svchost.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKLM
    C:\WINDOWS\system32\Windows\svchost.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svchost.exe
  • c:\windows\system32\windows\svchost.exe
DNS Requests
  • kamize.no-ip.org

Example 2

File Information

Size: 227K
SHA-1: 0136cd05a7afcb498e844fb0abc24e923b18193b
MD5: 5715dcbe5e7ebc54c3c95c74e24220e4
CRC-32: e953c3e4
File type: Windows executable
First seen: 2012-02-18

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Java.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Logs
Registry Keys Created
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    P9V7SS2L4E
    February 18, 2012
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Java
    c:\Documents and Settings\test user\Application Data\Java.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1adamlaw.zapto.org
  • 2adamlaw.zapto.org
  • adamlaw.zapto.org

Example 3

File Information

Size: 931K
SHA-1: 068bb8f62f2c4942adca8202d008d18999d57fcc
MD5: 15ab323fbab59a291999a3eec8729034
CRC-32: f8585432
File type: Windows executable
First seen: 2012-07-20

Runtime Analysis

Dropped Files
  • C:\MSDCSC\msdcsc.exe
Modified Files
  • %WINDOWS%\Microsoft.NET\Framework\v2.0.50727
    • Set the hidden and system flags
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MicroUpdate
    C:\MSDCSC\msdcsc.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\MSDCSC\msdcsc.exe
Processes Created
  • c:\msdcsc\msdcsc.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
