Examples of Troj/Jorik-B include:
Example 1
File Information
- Size: 47K
- SHA-1: 1ce61bde1e8cd696f17d365d594d42486cdcfd85
- MD5: 046af4c1caad5d3c0de6206c3e950cb7
- CRC-32: d2ffb8c9
- File type: application/x-ms-dos-executable
- First seen: 2011-03-08
Example 2
File Information
- Size: 55K
- SHA-1: dfeb9113c8339147e5b18dcf85b14dab00409e36
- MD5: 3addc28fe2eca10e5e8639c410768a41
- CRC-32: 248a8c5a
- File type: application/x-ms-dos-executable
- First seen: 2011-03-08
Example 3
File Information
- Size: 76K
- SHA-1: ee6cebba1400123261b3ddf218527b49558ab2b8
- MD5: 9c88727d911e029953418605f41c1392
- CRC-32: 7c37e3cc
- File type: application/x-ms-dos-executable
- First seen: 2011-03-06
Other vendor detection
- Kaspersky: Trojan.Win32.Jorik.SdBot.mq
Runtime Analysis
Copies Itself To
- C:\Program Files\nvsvc32.exe
- C:\WINDOWS\nvsvc32.exe
Registry Keys Created (key, then value name = data)
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - NVIDIA driver monitor = c:\test_item.exe
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - c:\test_item.exe = c:\test_item.exe:*:Enabled:NVIDIA driver monitor
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent
  - LogSessionName = stdout
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - NVIDIA driver monitor = c:\test_item.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
  - LogSessionName = stdout
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
  - NVIDIA driver monitor = c:\test_item.exe
- HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
  - EnableConsoleTracing = 0x00000000
Processes Created
- c:\windows\system32\net.exe
- c:\windows\system32\net1.exe
- c:\windows\system32\netsh.exe
- c:\windows\system32\sc.exe
IP Connections
- 146.160.147.53:1866
- 49.61.182.240:1866
DNS Requests
- albertoshistory.info
- ale.pakibili.com
- astro.ic.ac.uk
- ate.lacoctelera.net
- beta.neogen.ro
- deirdremccloskey.org
- epp.gunmablog.jp
- erdbeerlounge.de
- goodreads.com
- heidegger.x-y.net
- hrm.uh.edu
- insidehighered.com
- jb.asm.org
- journalofaccountancy.com
- journals.lww.com
- love.jabuka1234.com
- mas.0730ip.com
- mas.ahlamontada.com
- mas.archivum.info
- mas.josbank.com
- mas.juegosbakugan.net
- mas.mtime.com
- mas.tguia.cl
- mas.univie.ac.at
- mcsp.lvengine.com
- middleastpost.org
- mix.price-erotske.in.rs
- mix.thenaturistclub.com
- mmm.bolbalatrust.org
- old.longjuyt2tugas.com
- old.youku.com
- ols.systemofadown.com
- ope.oaklandathletics.com
- opl.munin.irf.se
- pra.aps.org
- pru.landmines.org
- qun.51.com
- refugee-action.org.uk
- screenservice.com
- scribbidyscrubs.com
- shopstyle.com
- southampton.ac.uk
- stayontime.info
- summer-uni-sw.eesp.ch
- transnationale.org
- tripadvisor.com
- uks.linkedin.com
- unclefed.com
- versatek.com
- websitetrafficspy.com
- windowsupdate.jebac.net
- www.shearman.com
- xxx.jagdcom.de
- xxx.stopklatka.pl