Troj/Floki-A

Category: Viruses and Spyware
Protection available since: 14 Dec 2016 03:59:50 (GMT)
Type: Trojan
Last Updated: 14 Dec 2016 03:59:50 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Floki-A include:

Example 1

File Information

Size: 232K
SHA-1: 5ac80df4f80d466e616d13e8d35be3fe9da5a45e
MD5: cc38fd598cbef1a3816bb64f2990e9b6
CRC-32: 02cb4cdf
File type: Windows executable
First seen: 2016-11-06

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\yplaax\ewnuhef.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\Nykyhi\roar.tmp
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\ewnuhef.lnk
Registry Keys Created
  • HKCU\Software\Microsoft
    ewnuhef.exe
  • HKCU\Software\Microsoft\Xeezy
    Ydelot
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\windows\explorer.exe
IP Connections
  • 192.168.0.103:55
DNS Requests
  • vtraffic.su

Example 2

File Information

Size: 238K
SHA-1: 5ae4f380324ce93243504092592c7b275420a338
MD5: 37768af89b093b96ab7671456de894bc
CRC-32: 80936b26
File type: Windows executable
First seen: 2016-11-14

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\orohq\cauwiw.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\Lyaxo\yhyc.tmp
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\cauwiw.lnk
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft
    cauwiw.exe
  • HKCU\Software\Microsoft\Neiwq
    Xiebsuaz
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\windows\explorer.exe
DNS Requests
  • extensivee.bid

Example 3

File Information

Size: 232K
SHA-1: 7583d06da294a47ddcc48b2b19f19d6a5220c1fc
MD5: 20816af7c443180cccc6aa962151af67
CRC-32: f5219192
File type: Windows executable
First seen: 2016-11-08

Other vendor detection

Avira: TR/Dropper.Gen

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\dyzy\ipaql.exe
Dropped Files
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\ipaql.lnk
    Size: 631
    SHA-1: 458ebe7660d3ef2ded975f327fa47fe876d47392
    MD5: fcbb9c734746eaffb0746d3ac76c11d4
    CRC-32: 29998796
    File type: Windows Shortcut file (.LNK)
    First seen: 2016-12-13
  • C:\Documents and Settings\All Users\Application Data\Idzu\myomm.tmp
    Size: 1.2K
    SHA-1: 5a58a365be22bc6a7a99def573238f8dcea0f4b5
    MD5: 15932316e8f7571c3739f7fd2863a1ae
    CRC-32: 75d40d44
    File type: Unspecified binary - probably data
    First seen: 2016-12-13
Registry Keys Created
  • HKCU\Software\Microsoft
    ipaql.exe
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Opubc
    Hoexqoiv
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\windows\explorer.exe
IP Connections
  • 192.168.0.103:55
DNS Requests
  • uspal.cf
