Troj/Dyreza-BL

Category: Viruses and Spyware
Protection available since: 07 Feb 2015 00:29:26 (GMT)
Type: Trojan
Last Updated: 07 Feb 2015 00:29:26 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Dyreza-BL include:

Example 1

File Information

Size
12K
SHA-1
79b631306b575b0fa3e96ef6d554d1203f2fe27d
MD5
1a9d39436c1597108f8baf6d7dc5dd45
CRC-32
851bcaa9
File type
PK ZIP archive
First seen
2015-02-06

Example 2

File Information

Size
24K
SHA-1
9faac97f5d9b8f6885592d530229d42e49ef564c
MD5
1d38c362198ad67329fdf58b4743165e
CRC-32
5c94305b
File type
Windows executable
First seen
2015-02-06

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\tubeini.exe
Dropped Files
  • C:\WINDOWS\XnnSLOfD.exe
    Size
    552K
    SHA-1
    882f43bea5a210889bd149cdd44613e142a6108c
    MD5
    278d5ff287ca2172b5308fe04bb20431
    CRC-32
    bfda9dc4
    File type
    Windows executable
    First seen
    2015-02-06
  • c:\Documents and Settings\test user\Local Settings\Temp\tubei560T.txt
    Size
    424K
    SHA-1
    3de6f7475b467b46d045eb29ebb100d15212a4f9
    MD5
    6643e36630b9826fc740a79d6212a0cf
    CRC-32
    c9f7fd08
    File type
    Unspecified binary - probably data
    First seen
    2015-02-06
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    marker_gjru_fbegrihlgm
    TRUE
  • HKLM\SYSTEM\CurrentControlSet\Services\googleupdate
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\googleupdate\Security
    Security
    (binary value; not rendered)
Registry Keys Modified
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\WINDOWS\system32\config\systemprofile\Application Data
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\WINDOWS\system32\config\systemprofile\Application Data
Processes Created
  • c:\docume~1\support\locals~1\temp\taefhx2.exe
  • c:\docume~1\support\locals~1\temp\tubeini.exe
  • c:\windows\xnnslofd.exe
HTTP Requests
  • http://checkip.dyndns.org/
  • http://cwvancouver.com/cp/images/digits/arrowu.jpg
  • http://harveyouellet.com/TOXICOUSTIQUE/arrowu.jpg
IP Connections
  • 178.47.141.100:12101
  • 178.47.141.100:12102
DNS Requests
  • checkip.dyndns.org
  • cwvancouver.com
  • google.com
  • harveyouellet.com
  • stun.internetcalls.com
  • stun.iptel.org
  • stun2.l.google.com