Troj/DwnLdr-KJW

Category: Viruses and Spyware
Protection available since: 21 Nov 2012 21:02:06 (GMT)
Type: Trojan
Last Updated: 21 Nov 2012 21:02:06 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/DwnLdr-KJW include:

Example 1

File Information

Size
144K
SHA-1
12dd2ec54966f1b9138a08547e32d323fc350325
MD5
67cbc4a273b5b752cb02fab24bc914d4
CRC-32
69d2ca77
File type
Windows executable
First seen
2012-11-10

Runtime Analysis

Registry Keys Created
  • HKCR\Interface\{21FDC190-FE7B-433F-9C61-3A6E59F75107}\ProxyStubClsid
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\Interface\{21FDC190-FE7B-433F-9C61-3A6E59F75107}\TypeLib
    Version
    1.0
  • HKCR\TypeLib\{A2A0965C-D26E-4DEF-A400-63B6E72EC80B}\1.0\HELPDIR
    (Default)
    c:\
  • HKCR\TypeLib\{A2A0965C-D26E-4DEF-A400-63B6E72EC80B}\1.0\FLAGS
    (Default)
  • HKCR\Interface\{21FDC190-FE7B-433F-9C61-3A6E59F75107}\ProxyStubClsid32
    (Default)
    {00020424-0000-0000-C000-000000000046}
  • HKCR\TypeLib\{A2A0965C-D26E-4DEF-A400-63B6E72EC80B}\1.0\0\win32
    (Default)
    c:\test_item.dll
  • HKCR\Interface\{21FDC190-FE7B-433F-9C61-3A6E59F75107}
    (Default)
    IOAddin
  • HKCR\TypeLib\{A2A0965C-D26E-4DEF-A400-63B6E72EC80B}\1.0
    (Default)
    Outlook Addin 1.0 Type Library
HTTP Requests
  • http://140.135.11.60/css.ashx
  • http://jobster.servehttp.com/css.ashx
IP Connections
  • 140.135.11.60:80
DNS Requests
  • jobster.servehttp.com
  • mail.google.com

Example 2

File Information

Size
143K
SHA-1
383eacfd48ed8f8fbb64bba265b44af9494fe83b
MD5
fa110f2ca81b5a8c84c1753489618660
CRC-32
f1445f06
File type
Windows executable
First seen
2012-11-10

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ssl
    regsvr32 /s "c:\Documents and Settings\test user\Application Data\openssl\ssheay.dll"
Processes Created
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://140.135.11.60/css.ashx
  • http://jobster.servehttp.com/css.ashx
IP Connections
  • 140.135.11.60:80
DNS Requests
  • jobster.servehttp.com

Example 3

File Information

Size
1.2M
SHA-1
a7ea4ed499c97bf6ae4a688f51438f27fede99f2
MD5
595e4d2b8c3a08ae99a157175fe9c3af
CRC-32
650c515c
File type
Windows executable
First seen
2012-11-21

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\sample.tmp
Dropped Files
  • c:\Documents and Settings\test user\Application Data\openssl\ssheay.dll
    Size
    144K
    SHA-1
    12dd2ec54966f1b9138a08547e32d323fc350325
    MD5
    67cbc4a273b5b752cb02fab24bc914d4
    CRC-32
    69d2ca77
    File type
    Windows executable
    First seen
    2012-11-10
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFF5AB.tmp
    Size
    143K
    SHA-1
    383eacfd48ed8f8fbb64bba265b44af9494fe83b
    MD5
    fa110f2ca81b5a8c84c1753489618660
    CRC-32
    f1445f06
    File type
    Windows executable
    First seen
    2012-11-10
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFF5AA.tmp
    Size
    972K
    SHA-1
    0c7df38306bb0804748967ba3f2de4421bb89657
    MD5
    96d617b5b665fef7913c0475f412cf99
    CRC-32
    92c19709
    File type
    Windows executable
    First seen
    2012-11-21
  • C:\sample.scr
    Size
    972K
    SHA-1
    0c7df38306bb0804748967ba3f2de4421bb89657
    MD5
    96d617b5b665fef7913c0475f412cf99
    CRC-32
    92c19709
    File type
    Windows executable
    First seen
    2012-11-21
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ssl
    regsvr32 /s "c:\Documents and Settings\test user\Application Data\openssl\ssheay.dll"
Processes Created
  • c:\docume~1\support\locals~1\temp\sample.scr
  • c:\docume~1\support\locals~1\temp\sample.tmp
  • c:\docume~1\support\locals~1\temp\tmp2.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://140.135.11.60/css.ashx
  • http://jobster.servehttp.com/css.ashx
IP Connections
  • 140.135.11.60:80
DNS Requests
  • jobster.servehttp.com