Troj/Goldsun-B

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 29 May 2014 00:09:35 (GMT)
Last Updated: 29 May 2014 00:09:35 (GMT)

Examples of Troj/Goldsun-B include:

Example 1

File Information

Size: 45K
SHA-1: 93121ff36d705eb3559f18be2be370ca56a7aafe
MD5: 331140c7ffaea93ed807f86720b5929e
CRC-32: 3cd6c1f1
File type: Windows executable
First seen: 2011-06-14

Example 2

File Information

Size: 28K
SHA-1: 9c3799c4618094098eb26d3cc48f7d47e314d85d
MD5: 8314534e82f50fc258b867b094083826
CRC-32: 93a8b95b
File type: Windows executable
First seen: 2014-02-10

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\spxroute.tmp
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\Class\{76891FC6-C786-11DD-CE70-0800B7B60147}\000
    Indeo
    0x00000000
HTTP Requests
  • http://211.72.62.111/httpdocs/prx.sec
IP Connections
  • 211.72.62.111:80

Example 3

File Information

File type: Windows executable

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\kernel32.exe
  • C:\WINDOWS\system32\shell32.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF729.tmp
    Size: 4.0K
    SHA-1: eb59bb42e1ac29f183b93cd2be08b70b5047a487
    MD5: 43bf420e5a42dd95aac5b40335f15c61
    CRC-32: 4d7dfc9d
    File type: application/x-ms-dos-executable
    First seen: 2011-03-02
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\INTEL
    Version
    3.□@.□□□□□□□
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Service
    shell32.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,kernel32.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
HTTP Requests
  • http://lws.kimoo.com.tw/httpdocs/mm/PC-00-0C-29-C2-2F-3E/ComMand.sec
DNS Requests
  • lws.kimoo.com.tw