Troj/DwnLdr-KIB

Category: Viruses and Spyware
Type: Trojan
Protection available since: 26 Oct 2012 03:48:56 (GMT)
Last Updated: 15 Jan 2013 07:25:40 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/DwnLdr-KIB include:

Example 1

File Information

Size: 19K
SHA-1: 355dbeaec49eab2e208e9d14095e3dabc1845b93
MD5: 4da3d848f044d8313130f94ac5aefcb4
CRC-32: 67577518
File type: Windows executable
First seen: 2012-10-18

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: winlogon
    Data: c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
HTTP Requests
  • http://www.limperonline.com.br/RWLD/cc/exe1.exe
DNS Requests
  • www.limperonline.com.br

Example 2

File Information

Size: 81K
SHA-1: ae4fc5ddbde10de746fc5829068abeef7c5fefad
MD5: 9f63c83a9fad2d8ff845424eb079d3f9
CRC-32: cfdb5c31
File type: Windows executable
First seen: 2012-10-26

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\driver\ns3.exe
    Size: 18K
    SHA-1: 435788641234b9f82858480341dcf1778f8d9d6c
    MD5: 3e8d60745ac4d5e0d81ed0a384aaf44e
    CRC-32: 3a42dee2
    File type: Windows executable
    First seen: 2012-10-26
  • c:\Documents and Settings\test user\Application Data\srvsms\klsanta.cpl
    Size: 135K
    SHA-1: 04a036aa7c9ea34901fd629c729376e29d6fac3c
    MD5: 4dfdd7a337ff76f901e5baa3476eff71
    CRC-32: 8c1774f3
    File type: Windows executable
    First seen: 2012-10-26
  • c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_10.cubin
    Size: 49K
    SHA-1: 913ad27e4855480626666e9823fdd2c9a6735c23
    MD5: c368aaaf1dc69a1c5f1f4603355c941e
    CRC-32: dc10e5a7
    File type: Executable and Linkable Format (ELF)
    First seen: 2011-05-26
  • c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_11.cubin
    Size: 49K
    SHA-1: 97a3bf87b57e4c52af9369cb9fd5c2039331db75
    MD5: 60c2de14c26e28911d3d0e44d8c180c1
    CRC-32: 955ab7ec
    File type: Executable and Linkable Format (ELF)
    First seen: 2011-05-26
  • c:\Documents and Settings\test user\Application Data\nsbit\bitcoinminercuda_20.cubin
    Size: 43K
    SHA-1: 170b8be2a492886ba7ae553cca9bb1fb142cd14b
    MD5: 200fb758f88ad092801b77d688a81007
    CRC-32: b99f4ef7
    File type: Executable and Linkable Format (ELF)
    First seen: 2011-05-26
  • c:\Documents and Settings\test user\Application Data\srvsms\winuac.exe
    Size: 1.9M
    SHA-1: 45fd38507549c403db3abe87a74235607f94661d
    MD5: 580b5ac1deb965d3c643f508ee7b9d47
    CRC-32: 486e0d07
    File type: Windows executable
    First seen: 2012-10-18
  • c:\Documents and Settings\test user\Application Data\nsbit\bitcoinmineropencl.cl
    Size: 9.8K
    SHA-1: cf132bb2c6ae3abd439cad46aa025d95f166b372
    MD5: e413816918d912fa44ccbe21673108e0
    CRC-32: 4efbd8a8
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2011-05-26
  • c:\Documents and Settings\test user\Application Data\nsbit\curllib.dll
  • c:\Documents and Settings\test user\Application Data\nsbit\cudart32_32_16.dll
    Size: 376K
    SHA-1: 28942b81b7517d1ce14d855ee7a1a52397bcad8a
    MD5: fc2e03aa5442624ad53665aaf8960c8c
    CRC-32: 3b0df08b
    File type: Windows executable
    First seen: 2011-02-24
  • c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
    Size: 19K
    SHA-1: 355dbeaec49eab2e208e9d14095e3dabc1845b93
    MD5: 4da3d848f044d8313130f94ac5aefcb4
    CRC-32: 67577518
    File type: Windows executable
    First seen: 2012-10-18
  • c:\Documents and Settings\test user\Application Data\srvsms\klx.exe
    Size: 21K
    SHA-1: d53aa700fa392250736a368dab60e058da9a16ef
    MD5: 48a861fbcd1bba0117df26cb0f0d20b0
    CRC-32: 7c900ceb
    File type: Windows executable
    First seen: 2012-10-26
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value name: winlogon
    Data: c:\Documents and Settings\test user\Application Data\srvsms\wgastart.exe
Processes Created
  • c:\Documents and Settings\test user\application data\driver\ns3.exe
  • c:\Documents and Settings\test user\application data\srvsms\klx.exe
  • c:\Documents and Settings\test user\application data\srvsms\wgastart.exe
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://ada95.de//modules/mod_acepolls/yessss.pics.cpl
  • http://restauraciaberehovo.sk/images/Alertantv.jpg
  • http://restauraciaberehovo.sk/images/loadns.jpg
  • http://www.kai-schlebusch.de//modules/mod_acepolls/yesss.pics.exe
  • http://www.limperonline.com.br/RWLD/cc/exe2.exe
  • http://www.limperonline.com.br/RWLD/cc/klx.exe
  • http://www.limperonline.com.br/RWLD/cc/start1.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_10.cubin
  • http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_11.cubin
  • http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_20.cubin
  • http://www.limperonline.com.br/RWLD/exe/minner/bitcoinmineropencl.cl
  • http://www.limperonline.com.br/RWLD/exe/minner/cudart32_32_16.dll
  • http://www.limperonline.com.br/RWLD/exe/minner/curllib.dll
  • http://www.limperonline.com.br/RWLD/exe/minner/libeay32.dll
  • http://www.limperonline.com.br/RWLD/exe/minner/libsasl.dll
  • http://www.limperonline.com.br/RWLD/exe/minner/minerador.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/openldap.dll
  • http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-4way.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-cpu.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-cuda.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/rpcminer-opencl.exe
  • http://www.limperonline.com.br/RWLD/exe/minner/ssleay32.dll
DNS Requests
  • ada95.de
  • restauraciaberehovo.sk
  • www.kai-schlebusch.de
  • www.limperonline.com.br

Example 3

File Information

Size: 21K
SHA-1: d53aa700fa392250736a368dab60e058da9a16ef
MD5: 48a861fbcd1bba0117df26cb0f0d20b0
CRC-32: 7c900ceb
File type: Windows executable
First seen: 2012-10-26

Runtime Analysis

HTTP Requests
  • http://www.limperonline.com.br/RWLD/exe/minner/bitcoinminercuda_10.cubin
DNS Requests
  • www.limperonline.com.br