Troj/Inject-AAX

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 30 Nov 2012 20:03:42 (GMT)
Last Updated: 30 Nov 2012 20:03:42 (GMT)


Troj/Inject-AAX exhibits the following characteristics:

File Information

Size
160K
SHA-1
131d1c420a36ab1056394e7c99241b1f05bef4c7
MD5
89ccf48123b3a3d4ecde1fa1b08a2843
CRC-32
61e1daab
File type
Windows executable
First seen
2012-11-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ok.db
    Size
    666
    SHA-1
    2cf33e34d08b8e17743a60352baffef4b6f02dee
    MD5
    9e1e5883c74742a497cf5c272ccd2321
    CRC-32
    05e148db
    File type
    Unspecified binary - probably data
    First seen
    2012-05-23
  • c:\Documents and Settings\test user\Local Settings\Temp\PC.txt
    Size
    2.2K
    SHA-1
    7b19113e22a4c9b0b1c4b7c9d05eb2ef947769ee
    MD5
    949a1499b1dc766551a0f395bcfc1247
    CRC-32
    bd2e2925
    File type
    JavaScript
    First seen
    2012-11-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012113020121201
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel
    Autoconfig
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyHttp1.1
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
    ResetWebSettings
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyHttp1.1
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\Windows\system32\userinit.exe,C:\DOCUME~1\support\LOCALS~1\Temp\crss.exe,
  • HKLM\SOFTWARE\Microsoft\Security Center
    UpdatesDisableNotify
    0x00000001
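The registry changes above are the part of this listing a responder would triage first: the Winlogon Userinit value gains a second, comma-separated entry pointing at crss.exe in a user temp directory (a file that appears nowhere else in this listing), EnableLUA is set to 0, and Security Center update notifications are switched off. The following is an added example, not code from the page or from Sophos, showing how to evaluate such values against a clean baseline. The values in SAMPLE_REGISTRY are copied from the listing above; the dictionary layout, the function names and the baseline table are assumptions made for this example.

```python
import re

# Constructed input for this example: the key\value names and data as they
# appear in the listing above, flattened into "path\valuename" -> data.
SAMPLE_REGISTRY = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit":
        r"C:\Windows\system32\userinit.exe,C:\DOCUME~1\support\LOCALS~1\Temp\crss.exe,",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA": 0,
    r"HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify": 1,
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Autoconfig": 1,
    r"HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings": 1,
}

USERINIT_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"  # the only entry on a clean host

# DWORD values from the listing, with the value expected on a clean host and
# a description of what the observed setting does (baseline is an assumption).
DWORD_CHECKS = {
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA":
        (1, "UAC disabled (EnableLUA=0)"),
    r"HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify":
        (0, "Security Center update notifications suppressed"),
    r"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Autoconfig":
        (0, "IE automatic configuration forced by machine policy"),
    r"HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettings":
        (0, "IE 'Reset Web Settings' disabled by user policy"),
}


def parse_userinit(value: str) -> list:
    """Split the Userinit REG_SZ into executable paths.

    Winlogon runs every comma-separated entry at logon.  A trailing comma is
    normal on Windows and must not be reported as an empty entry.
    """
    return [p.strip() for p in value.split(",") if p.strip()]


def userinit_extras(value: str) -> list:
    """Return every Userinit entry that is not the stock userinit.exe."""
    return [p for p in parse_userinit(value) if p.lower() != EXPECTED_USERINIT]


def assess(registry: dict) -> list:
    """Compare a flattened registry snapshot against the baseline.

    Returns one human-readable finding per deviation; an empty list means
    none of the checked values deviate.
    """
    findings = []
    userinit = registry.get(USERINIT_KEY)
    if userinit is not None:
        for extra in userinit_extras(userinit):
            # An extra logon binary living under a \Temp\ directory is the
            # classic shape of this persistence; flag it explicitly.
            where = "user-writable temp path" if re.search(r"\\temp\\", extra, re.I) else "non-standard path"
            findings.append(f"Userinit persistence: {extra} ({where})")
    for key, (clean, description) in DWORD_CHECKS.items():
        if key in registry and registry[key] != clean:
            findings.append(f"{description}: {key} = {registry[key]}, expected {clean}")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_REGISTRY):
        print(finding)
```

On a live host the same values would be read with reg query or PowerShell's Get-ItemProperty rather than from a dictionary; the parsing of Userinit is the part worth keeping, because a trailing comma or mixed case must not hide an injected entry.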
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\find.exe
  • c:\windows\system32\fsutil.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://216.119.145.141/googles/support-PC
  • http://clients1.google.com.br/generate_204
  • http://ssl.gstatic.com/gb/js/scm_eddee64586f4dba0b07603756d2e5010.js
  • http://www.google.com.br/
  • http://www.google.com.br/images/srpr/logo1w.png
  • http://www.google.com.br/images/srpr/nav_logo80.png
  • http://www.google.com.br/xjs/_/js/hp/sb_he,pcc/rt=j/ver=ekMxmVjFIzI.en_US./d=1/sv=1/rs=AItRSTM0lksRtI2VxMWJM1mGGSAc7V2OnQ
IP Connections
  • 216.119.145.141:80
DNS Requests
  • clients1.google.com.br
  • ssl.gstatic.com
  • www.google.com.br