Examples of Troj/DwnLdr-KIB include:
Example 1
File Information
- Size: 19K
- SHA-1: 355dbeaec49eab2e208e9d14095e3dabc1845b93
- MD5: 4da3d848f044d8313130f94ac5aefcb4
- CRC-32: 67577518
- File type: Windows executable
- First seen: 2012-10-18
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - winlogon: c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
HTTP Requests
- http://www.limperonline.com.br/RWLD/cc/exe1.exe
DNS Requests
Example 2
File Information
- Size: 81K
- SHA-1: ae4fc5ddbde10de746fc5829068abeef7c5fefad
- MD5: 9f63c83a9fad2d8ff845424eb079d3f9
- CRC-32: cfdb5c31
- File type: Windows executable
- First seen: 2012-10-26
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\driver\ns3.exe
  - Size: 18K
  - SHA-1: 435788641234b9f82858480341dcf1778f8d9d6c
  - MD5: 3e8d60745ac4d5e0d81ed0a384aaf44e
  - CRC-32: 3a42dee2
  - File type: Windows executable
  - First seen: 2012-10-26
- c:\Documents and Settings\test user\Application Data\srvsms\klsanta.cpl
  - Size: 135K
  - SHA-1: 04a036aa7c9ea34901fd629c729376e29d6fac3c
  - MD5: 4dfdd7a337ff76f901e5baa3476eff71
  - CRC-32: 8c1774f3
  - File type: Windows executable
  - First seen: 2012-10-26
- c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_10.cubin
  - Size: 49K
  - SHA-1: 913ad27e4855480626666e9823fdd2c9a6735c23
  - MD5: c368aaaf1dc69a1c5f1f4603355c941e
  - CRC-32: dc10e5a7
  - File type: Executable and Linkable Format (ELF)
  - First seen: 2011-05-26
- c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_11.cubin
  - Size: 49K
  - SHA-1: 97a3bf87b57e4c52af9369cb9fd5c2039331db75
  - MD5: 60c2de14c26e28911d3d0e44d8c180c1
  - CRC-32: 955ab7ec
  - File type: Executable and Linkable Format (ELF)
  - First seen: 2011-05-26
- c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_20.cubin
  - Size: 43K
  - SHA-1: 170b8be2a492886ba7ae553cca9bb1fb142cd14b
  - MD5: 200fb758f88ad092801b77d688a81007
  - CRC-32: b99f4ef7
  - File type: Executable and Linkable Format (ELF)
  - First seen: 2011-05-26
- c:\Documents and Settings\test user\Application Data\srvsms\winuac.exe
  - Size: 1.9M
  - SHA-1: 45fd38507549c403db3abe87a74235607f94661d
  - MD5: 580b5ac1deb965d3c643f508ee7b9d47
  - CRC-32: 486e0d07
  - File type: Windows executable
  - First seen: 2012-10-18
- c:\Documents and Settings\test user\Application Data\nsbit\bitcoinmineropencl.cl
  - Size: 9.8K
  - SHA-1: cf132bb2c6ae3abd439cad46aa025d95f166b372
  - MD5: e413816918d912fa44ccbe21673108e0
  - CRC-32: 4efbd8a8
  - File type: ASCII text / 8-bit Unicode Transformation Format
  - First seen: 2011-05-26
- c:\Documents and Settings\test user\Application Data\nsbit\curllib.dll
- c:\Documents and Settings\test user\Application Data\nsbit\cudart32_32_16.dll
  - Size: 376K
  - SHA-1: 28942b81b7517d1ce14d855ee7a1a52397bcad8a
  - MD5: fc2e03aa5442624ad53665aaf8960c8c
  - CRC-32: 3b0df08b
  - File type: Windows executable
  - First seen: 2011-02-24
- c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
  - Size: 19K
  - SHA-1: 355dbeaec49eab2e208e9d14095e3dabc1845b93
  - MD5: 4da3d848f044d8313130f94ac5aefcb4
  - CRC-32: 67577518
  - File type: Windows executable
  - First seen: 2012-10-18
- c:\Documents and Settings\test user\Application Data\srvsms\klx.exe
  - Size: 21K
  - SHA-1: d53aa700fa392250736a368dab60e058da9a16ef
  - MD5: 48a861fbcd1bba0117df26cb0f0d20b0
  - CRC-32: 7c900ceb
  - File type: Windows executable
  - First seen: 2012-10-26
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - winlogon: c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
Processes Created
- c:\Documents and Settings\test user\application data\driver\ns3.exe
- c:\Documents and Settings\test user\application data\srvsms\klx.exe
- c:\Documents and Settings\test user\application data\srvsms\wgastart.exe
- c:\windows\system32\rundll32.exe
HTTP Requests
- http://ada95.de//modules/mod_acepolls/yessss.pics.cpl
- http://restauraciaberehovo.sk/images/Alertantv.jpg
- http://restauraciaberehovo.sk/images/loadns.jpg
- http://www.kai-schlebusch.de//modules/mod_acepolls/yesss.pics.exe
- http://www.limperonline.com.br/RWLD/cc/exe2.exe
- http://www.limperonline.com.br/RWLD/cc/klx.exe
- http://www.limperonline.com.br/RWLD/cc/start1.exe
- http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_10.cubin
- http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_11.cubin
- http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_20.cubin
- http://www.limperonline.com.br/RWLD/exe/minner/bitcoinmineropencl.cl
- http://www.limperonline.com.br/RWLD/exe/minner/cudart32_32_16.dll
- http://www.limperonline.com.br/RWLD/exe/minner/curllib.dll
- http://www.limperonline.com.br/RWLD/exe/minner/libeay32.dll
- http://www.limperonline.com.br/RWLD/exe/minner/libsasl.dll
- http://www.limperonline.com.br/RWLD/exe/minner/minerador.exe
- http://www.limperonline.com.br/RWLD/exe/minner/openldap.dll
- http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-4way.exe
- http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-cpu.exe
- http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-cuda.exe
- http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-opencl.exe
- http://www.limperonline.com.br/RWLD/exe/minner/ssleay32.dll
DNS Requests
- ada95.de
- restauraciaberehovo.sk
- www.kai-schlebusch.de
- www.limperonline.com.br
Example 3
File Information
- Size: 21K
- SHA-1: d53aa700fa392250736a368dab60e058da9a16ef
- MD5: 48a861fbcd1bba0117df26cb0f0d20b0
- CRC-32: 7c900ceb
- File type: Windows executable
- First seen: 2012-10-26
Runtime Analysis
HTTP Requests
- http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_10.cubin
DNS Requests