Troj/Fareit-DEB

Category: Viruses and Spyware
Type: Trojan
Protection available since: 14 Jun 2017 00:40:10 (GMT)
Last Updated: 14 Jun 2017 00:40:10 (GMT)
Prevalence: Small Number of Reports


Troj/Fareit-DEB exhibits the following characteristics:

File Information

Size
747K
SHA-1
d45b8ef2ee80570e4b35b2c26dd128c4667a96e4
MD5
9ecc5c5cacf88fd343f5709fc591404f
CRC-32
12601c33
File type
Windows executable
First seen
2017-06-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\emf\efm.docx
    Size
    810
    SHA-1
    0a8f8fe63aff882c4ea83444a9f9dd5f2e2d5284
    MD5
    b7ad5e020fef99d2ae9ba69532fc4a5e
    CRC-32
    75e93d33
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\abr.txt
    Size
    154
    SHA-1
    bd55e392aad9cd40f1ebc2cdbbfd776c8768d600
    MD5
    e5628070aad62c5e4fd1a1143290df1d
    CRC-32
    1f9f4d4f
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\igl.jpg
    Size
    1.3K
    SHA-1
    286e5d930976166df5bb32b79dbf56e4786ce77c
    MD5
    898ef0e1a8f0fed7ec3efef60847095b
    CRC-32
    33476312
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\fmv.mp4
    Size
    2.1K
    SHA-1
    c49b58096f0bf3efc64c2c70a707242336a4db50
    MD5
    dae1c94c3f2e60e6ff78eecdfab024af
    CRC-32
    25507c41
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\lpg.jpg
    Size
    1.2K
    SHA-1
    3f9657f4fbd03232150533b2503e5eea60642946
    MD5
    a69ab41c018eeaa464622dcaf3f42800
    CRC-32
    5fdbf657
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\chv.ppt
    Size
    1.9K
    SHA-1
    b276af6c364cde50481a2f66c86335bbc04d59d1
    MD5
    6f65f983b288db152525ab8ba7eb79c9
    CRC-32
    7f3d0f74
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\wrv.ico
    Size
    1.6K
    SHA-1
    07e28a53fd5ac3af57d9328aae9d46c041855814
    MD5
    71afc9265980f5167d0b629e92b086ff
    CRC-32
    c945659c
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\aur.ico
    Size
    867
    SHA-1
    e1ec08ff46a9df28bc35f8f055e2c0173ef6f879
    MD5
    813c8a9d1c8376cbef2f46c3c94e62c8
    CRC-32
    69916f58
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\eaw.mp4
    Size
    233
    SHA-1
    789773f98f596eb1ef80500e9efbe524e51a835b
    MD5
    e890b35dd8eaeb6137a81d797811f38c
    CRC-32
    3b84401a
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\jtb.jpg
    Size
    1.5K
    SHA-1
    81c713f2eed928cdab1f79ae0e878c28ed8a45e7
    MD5
    5b6c692d9f5d1d577191351f62cbeaf0
    CRC-32
    db2d946b
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\mvc.pdf
    Size
    975
    SHA-1
    692bb60ec7e35ef0b4cd20b097cb858902a46a14
    MD5
    d643e6dec9f1165629ac5c7bab48fd3d
    CRC-32
    8b6517bb
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\jxn.jpg
    Size
    1.3K
    SHA-1
    956a0dfd6d14e4941328299994f4678fd172b48c
    MD5
    5f3b93834a5d2b45f7ffe2640b075c27
    CRC-32
    6d59fa50
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\rvh.txt
    Size
    858
    SHA-1
    23870b9cfda6cb497426db1f5efe6143ecf72eef
    MD5
    2b04552d77a02e1caeaf1c06054c2840
    CRC-32
    3a627630
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\guu.ppt
    Size
    1.5K
    SHA-1
    e0c84a5dee971c2c6f14cd744b157e3fc9f07144
    MD5
    4635cc9d13441554a17b5732dfba85d4
    CRC-32
    1656db13
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\tvw.ico
    Size
    1.9K
    SHA-1
    f257cdcbb2408d6c38505d9f8d8a10defedd3001
    MD5
    17d508b3cfb9aa52591f707ff1a66fae
    CRC-32
    9c4923a3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\kgd.exe
  • c:\Documents and Settings\test user\Application Data\emf\fva.ppt
    Size
    1.3K
    SHA-1
    761f039393b8711d67d8ff4a2b42c2f220e17e89
    MD5
    610be879a71e3cf098363df43c8aebf4
    CRC-32
    3f339b5c
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\pio.txt
    Size
    1.6K
    SHA-1
    504ab431656f692d10c008c8beb76b3de92806d9
    MD5
    53374540a0c6c3173fb354b0d2258998
    CRC-32
    8d87bc26
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\nrc.jpg
    Size
    1.5K
    SHA-1
    e3e036fa60688f4fed8fbc7f574975193bc616fb
    MD5
    49a66c3858eb6826f1813d3890ee7beb
    CRC-32
    0584879a
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\uca.txt
    Size
    1.9K
    SHA-1
    fc99402f4a3ae5c7226914b6430ff6a6047c1bd4
    MD5
    56649478ac09d1684a3422288426132c
    CRC-32
    e02e9834
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\xhu-hrs
    Size
    7.4M
    SHA-1
    319aab58fa44e0ec672768539cb2418ea9d16d0c
    MD5
    c5d41845ee9d2c27290ba4a6cb48ef02
    CRC-32
    28a3fa9b
    File type
    Unspecified binary - probably data
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\kve.txt
    Size
    1.1K
    SHA-1
    62467f36b8bff076814a744dd907c81eabdbdf9d
    MD5
    9dcea54e2164685c1997baa481cfab7d
    CRC-32
    a8801d1c
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\kin.txt
    Size
    635
    SHA-1
    db84061909b8166c08a31efe63e416765230e8db
    MD5
    9cdabaa5cf16645f3ad957b037fdab9c
    CRC-32
    0b2f8e8b
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\CF2254\460F75.exe
  • c:\Documents and Settings\test user\Application Data\emf\gtl.ico
    Size
    2.0K
    SHA-1
    5e2b475e4aa8ba562cb95b6fbf5c2ce1f29ded23
    MD5
    af4821fa63fd25f571cbd461c7f1c8c6
    CRC-32
    4559719e
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\04677c6e-cd32-464d-a810-b84cbc9ee638
    Size
    388
    SHA-1
    78c19ccac466b5c4f95f238c716836a9d50692b7
    MD5
    8bacf8826af211fa4421812707b12183
    CRC-32
    8459e6ba
    File type
    Unspecified binary - probably data
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\crb.jpg
    Size
    1.3K
    SHA-1
    a1c37b995b5c657fb4748f1ad8ba904ffec42f96
    MD5
    5fdf5bdba3c96a55fda8d353a029ea05
    CRC-32
    502bece2
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\mij.jpg
    Size
    78
    SHA-1
    b726a325ed27f92221cc50eb16935bc953434a8b
    MD5
    9dd95b1c014f1fb78f4a4a1a87ff9b0c
    CRC-32
    dfc24b1f
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\mid.ico
    Size
    1.1K
    SHA-1
    7e6319eb10ec9e421f10b31a84127c63a514d830
    MD5
    7ded7c68eea69c3f720cca1ded1e0acf
    CRC-32
    f3c2fcb5
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\amg.mp3
    Size
    1.1K
    SHA-1
    3be66ff7383877d8e14fb8b0bf975c6add0b108e
    MD5
    1d4fec2d86c0a2d9032dcc999a87ffec
    CRC-32
    6cea8e45
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\nah.pdf
    Size
    1.4K
    SHA-1
    71e0a93809760cb1e7ee62fb75d2271b24216238
    MD5
    7179013e0c1e7942cc1395a3b9fea0b7
    CRC-32
    718c43c0
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\owc.icm
    Size
    426K
    SHA-1
    362db55c052704a25cf9388c31ee48410a3b5223
    MD5
    739e1adb8397fd766c8722bdf0328891
    CRC-32
    3dc63311
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\nag.mp4
    Size
    1.3K
    SHA-1
    abe406772fb28a87da437f88ef5bb6628ff06760
    MD5
    b27b00f70ecff69a4d81292113c46d1b
    CRC-32
    7f922817
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\nki.docx
    Size
    1.6K
    SHA-1
    ef0f74053f8c2ede0b72e1c0afadbb6985287465
    MD5
    a5d517c071e2b584d64c8fc71c986cd8
    CRC-32
    d27110ee
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\uor.pdf
    Size
    1.7K
    SHA-1
    2d7d0653e64c1529bedd3673d840e6c828658ab4
    MD5
    e55b8bd5cd20d27c405732a8b6ac2f4f
    CRC-32
    ad0b6972
    File type
    Base64 encoded
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\vrf.docx
    Size
    963
    SHA-1
    facf3eedeaf4c945d143bee011d4b6f8387cec80
    MD5
    65a200d8e531634ce13d372e5520c033
    CRC-32
    198f8082
    File type
    application/octet-stream
    First seen
    2017-06-13
  • c:\Documents and Settings\test user\Application Data\emf\vue.xl
    Size
    331
    SHA-1
    6776d1206d6af90106594767b16b76ca535b4bf0
    MD5
    1ab6ec6dad2797dead217383411ef780
    CRC-32
    17eda44b
    File type
    Base64 encoded
    First seen
    2017-06-13
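Almost every file the sample writes under Application Data\emf carries a media or document extension (.jpg, .mp4, .docx, .ppt, .ico) while the analysis classifies its content as Base64 text; the one large file, xhu-hrs, is opaque binary and is the argument later handed to kgd.exe. Extension/content disagreement of that kind is cheap to check on a suspect directory. The Python below is an added example written for this page, not Sophos code and not the sample's code: it compares each file's leading bytes with the signature its extension implies and separately tests whether the body is well-formed Base64. The file set it runs over is constructed (the real dropped files are known here only by hash and size), and the magic-number table covers only the extensions that appear in the list above.

```python
"""Extension/content mismatch triage for a dropped-file directory.

Added example, not code from the page or from Sophos. The page records the
sample writing small files under Application Data\emf whose extensions say
media/document but whose content is Base64 text. SAMPLE_FILES below are
constructed stand-ins, not the real dropped files.
"""
import base64
import binascii
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# (offset, signature) for the decoy extensions the sample used. None means the
# extension has no magic number, so only the Base64 check applies to it.
MAGIC = {
    ".jpg": (0, b"\xff\xd8\xff"),
    ".pdf": (0, b"%PDF-"),
    ".docx": (0, b"PK\x03\x04"),
    ".ppt": (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),
    ".mp4": (4, b"ftyp"),
    ".ico": (0, b"\x00\x00\x01\x00"),
    ".txt": None,
}
B64_TEXT = re.compile(rb"^[A-Za-z0-9+/\r\n]*={0,2}\s*$")


def looks_base64(data: bytes, min_len: int = 32) -> bool:
    """True when data is Base64 text that decodes cleanly, not merely alphabet-clean."""
    if len(data) < min_len or not B64_TEXT.match(data):
        return False
    try:
        base64.b64decode(b"".join(data.split()), validate=True)
    except binascii.Error:
        return False
    return True


def matches_magic(ext: str, data: bytes) -> Optional[bool]:
    """True/False for a known extension, None when it is unknown or has no signature."""
    spec = MAGIC.get(ext.lower())
    if spec is None:
        return None
    offset, signature = spec
    return data[offset:offset + len(signature)] == signature


def triage(files: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Return (path, reason) findings for files whose content disagrees with their name."""
    findings = []
    for path, data in files.items():
        ext = ntpath.splitext(path)[1]  # ntpath so Windows paths split correctly anywhere
        if matches_magic(ext, data) is False:
            findings.append((path, f"content does not carry the {ext} signature"))
        if looks_base64(data):
            findings.append((path, "body is Base64 text, consistent with a payload chunk"))
    return findings


# Constructed sample set; the real files are only known by hash and size.
SAMPLE_FILES = {
    r"C:\Users\victim\AppData\Roaming\emf\igl.jpg": base64.b64encode(b"constructed chunk " * 6),
    r"C:\Users\victim\AppData\Roaming\emf\eaw.mp4": base64.b64encode(bytes(range(64))),
    r"C:\Users\victim\AppData\Roaming\emf\abr.txt": b"key=value\r\nother=thing\r\n",
    r"C:\Users\victim\AppData\Roaming\emf\xhu-hrs": bytes(range(256)) * 4,
    r"C:\Users\victim\Pictures\holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 60,
}

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_FILES):
        print(f"{path}: {reason}")
```

The Base64 test decodes with validate=True after stripping line breaks, so a file that merely avoids odd characters (plain prose, a config line with an equals sign) is not flagged; the two constructed decoys produce two findings each, the text file and the opaque blob none.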
Modified Files
  • %PROFILE%\Application Data\Microsoft\Protect\S-1-5-21-1202660629-1454471165-1275210071-1003\Preferred
  • %PROFILE%\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1202660629-1454471165-1275210071-1003\844641068f15df8c2e25fea3578f59c8_26c19984-2a01-45b5-a7b3-a568af60c200
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WindowsUpdate
    c:\Documents and Settings\test user\Application Data\emf\kgd.exe C:\DOCUME~1\support\APPLIC~1\emf\xhu-hrs
Processes Created
  • c:\Documents and Settings\test user\application data\emf\kgd.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\regsvcs.exe
DNS Requests
  • toopolex.com
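The runtime section gives a responder four things to hunt for: a Run value named WindowsUpdate whose image is kgd.exe under Application Data and whose argument is the 7.4M xhu-hrs blob (written in 8.3 short form, DOCUME~1\...\APPLIC~1, so a match on the long path alone will miss it), the signed .NET utility regsvcs.exe appearing among the created processes, a DNS query for toopolex.com, and the dropper's hashes. The Python below is an added example written for this page, not Sophos code and not the sample's code: it turns those indicators into checks and runs them over constructed event records. The hashes, paths, value name and domain are copied from the page; the sample events, the choice of kgd.exe as regsvcs.exe's parent (the page lists the processes without ancestry) and the regex used to find where an unquoted image path ends are assumptions.

```python
"""IOC matching for the Troj/Fareit-DEB indicators listed on this page.

Added example, not code from the page or from Sophos. Hashes, paths, the Run
value name and the domain come from the page; SAMPLE_EVENTS are constructed
and the regsvcs.exe parent relationship is an assumption.
"""
import re
from typing import Dict, List, Tuple

# Indicators taken from the page.
IOC_SHA1 = {
    "d45b8ef2ee80570e4b35b2c26dd128c4667a96e4": "Troj/Fareit-DEB dropper",
    "319aab58fa44e0ec672768539cb2418ea9d16d0c": "emf\\xhu-hrs (7.4M data blob)",
    "362db55c052704a25cf9388c31ee48410a3b5223": "emf\\owc.icm (426K text)",
}
IOC_DOMAINS = {"toopolex.com"}
IOC_RUN_VALUE_NAMES = {"windowsupdate"}

# Profile locations, long and 8.3 short form, where a Run-key image or its
# argument should not normally live.
USER_WRITABLE = re.compile(
    r"\\(application data|appdata|applic~1|local settings|temp)\\", re.IGNORECASE)
# Heuristic: an unquoted image ends at the first executable extension.
IMAGE_BOUNDARY = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?:\s+(.*))?$", re.IGNORECASE)


def split_run_value(value: str) -> Tuple[str, str]:
    """Split a Run-key command line into (image, arguments)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end], value[end + 1:].strip()
    m = IMAGE_BOUNDARY.match(value)
    if not m:
        return value, ""
    return m.group(1), m.group(2) or ""


def classify_run_entry(name: str, value: str) -> List[str]:
    """Reasons a Run-key entry resembles this sample's persistence; empty if none."""
    image, args = split_run_value(value)
    reasons = []
    if USER_WRITABLE.search(image):
        reasons.append("image lives in a user-writable profile directory")
    if name.lower() in IOC_RUN_VALUE_NAMES:
        reasons.append(f"value name '{name}' imitates a Windows component")
    if args and USER_WRITABLE.search(args) and not re.search(r"\.(exe|dll)$", args, re.IGNORECASE):
        reasons.append("argument is a non-executable file in the profile (loader plus blob)")
    return reasons


def match_iocs(events: List[Dict[str, str]]) -> List[str]:
    """Run each event type through the matching indicator check and collect hits."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "file" and ev["sha1"].lower() in IOC_SHA1:
            hits.append(f"file {ev['path']}: {IOC_SHA1[ev['sha1'].lower()]}")
        elif kind == "registry" and ev["key"].lower().endswith("\\currentversion\\run"):
            reasons = classify_run_entry(ev["name"], ev["value"])
            if reasons:
                hits.append(f"run value {ev['name']}: " + "; ".join(reasons))
        elif kind == "dns" and ev["query"].lower().rstrip(".") in IOC_DOMAINS:
            hits.append(f"dns {ev['query']}: domain queried by the sample")
        elif kind == "process":
            # regsvcs.exe is a signed .NET utility; flag it only when its parent
            # runs out of a profile directory, as kgd.exe does here (assumed parent).
            if ev["image"].lower().endswith("\\regsvcs.exe") and USER_WRITABLE.search(ev["parent"]):
                hits.append(f"process {ev['image']} started by {ev['parent']}")
    return hits


# Constructed events; only the indicator values inside them come from the page.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\victim\Downloads\invoice.exe",
     "sha1": "D45B8EF2EE80570E4B35B2C26DD128C4667A96E4"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "WindowsUpdate",
     "value": r"c:\Documents and Settings\test user\Application Data\emf\kgd.exe C:\DOCUME~1\support\APPLIC~1\emf\xhu-hrs"},
    {"type": "registry", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "SecurityHealth", "value": r'"C:\Windows\System32\SecurityHealthSystray.exe"'},
    {"type": "dns", "query": "toopolex.com"},
    {"type": "process", "image": r"c:\windows\microsoft.net\framework\v2.0.50727\regsvcs.exe",
     "parent": r"c:\documents and settings\test user\application data\emf\kgd.exe"},
    {"type": "process", "image": r"c:\windows\microsoft.net\framework\v2.0.50727\regsvcs.exe",
     "parent": r"c:\windows\system32\msiexec.exe"},
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_EVENTS):
        print(hit)
```

The Run-key check deliberately scores the entry on three independent properties (image location, value name, argument type) rather than on the exact string from this page, so a rebuild of the sample with a different directory name still trips at least one of them; the regsvcs.exe check is gated on the parent's location because the binary itself is a legitimate Windows component and would otherwise fire on every .NET installer.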