Troj/MSIL-ALO

Category: Viruses and Spyware
Protection available since: 01 Oct 2014 11:41:42 (GMT)
Type: Trojan
Last Updated: 01 Oct 2014 11:41:42 (GMT)
Prevalence: Small Number of Reports

Troj/MSIL-ALO exhibits the following characteristics:

File Information

Size
1.7M
SHA-1
da123a308801d86cc146d3684a704a0ca5f29a61
MD5
5f08ca8afb6b29fa0687c2cd33bbcc57
CRC-32
db1ef4b9
File type
Windows executable
First seen
2014-09-30

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\FolderName\file.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\tmp.exe
    Size
    444K
    SHA-1
    d70c8f84e4b51948b915d91974c19ab83b60616f
    MD5
    1e2b832a05f16006dd6a9996fa5c3735
    CRC-32
    a7963935
    File type
    Windows executable
    First seen
    2014-10-01
  • c:\Documents and Settings\test user\Local Settings\Temp\notepad .exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\tmp.exe
    Size
    444K
    SHA-1
    d70c8f84e4b51948b915d91974c19ab83b60616f
    MD5
    1e2b832a05f16006dd6a9996fa5c3735
    CRC-32
    a7963935
    File type
    Windows executable
    First seen
    2014-10-01
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014100120141002
    CacheRepair
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Local Settings\Temp\FolderName\file.exe
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\foldername\file.exe
  • c:\Documents and Settings\test user\local settings\temp\tmp.exe
  • c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\find.exe
  • c:\windows\system32\tasklist.exe
  • c:\windows\system32\wscript.exe
HTTP Requests
  • http://bot.whatismyipaddress.com/
  • http://www.ebis.pro/images/invoice_img.png
DNS Requests
  • bot.whatismyipaddress.com
  • mail.dakila.org.ph
  • www.ebis.pro