Troj/MSIL-BK

Category: Viruses and Spyware
Type: Trojan
Protection available since: 27 Feb 2013 20:13:45 (GMT)
Last updated: 06 Nov 2015 19:26:09 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/MSIL-BK include:

Example 1

File Information

Size: 948K
SHA-1: 0eee7f9c4550eb406053da7646f86b9e9ca49283
MD5: d94a7cc39cd1ecd75c017c3bd4c6f01a
CRC-32: 01feae25
File type: Windows executable
First seen: 2012-11-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Java(TM) Update Scheduler.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AppLaunch\jusched.exe
  • c:\Documents and Settings\test user\Application Data\dclogs\2012-11-21-4.dc
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Java(TM) Update Scheduler
    c:\Documents and Settings\test user\Application Data\Java(TM) Update Scheduler.exe
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\applaunch\jusched.exe
DNS Requests
  • hannesotto.zapto.org

Example 2

File Information

Size: 603K
SHA-1: 2be192040e73f6e1541bcd424178b407d50ae9a3
MD5: 6247c9615000f7c70e5e9aa21dd4fd1c
CRC-32: 020c3668
File type: Windows executable
First seen: 2012-11-13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\FacbookUpdate.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\5L7TARUFZB.exe
  • c:\Documents and Settings\test user\Application Data\keylogs
  • c:\Documents and Settings\test user\Local Settings\Temp\AppLaunch\Service.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    FacbookUpdate
    c:\Documents and Settings\test user\Application Data\FacbookUpdate.exe
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    AI0MY5T3LN
    stewartd4's Bot
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    AI0MY5T3LN
    November 14, 2012
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\5L7TARUFZB.exe
    c:\Documents and Settings\test user\Application Data\5L7TARUFZB.exe:*:Enabled:Windows Messanger
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\applaunch\service.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1netcrpytedser.no-ip.info
  • 2netcrpytedser.no-ip.info
  • netcrpytedser.no-ip.info

Example 3

File Information

Size: 2.8M
SHA-1: 36cf45c8a2959e68da65c62c9a395549cd78adaa
MD5: 6af7fefd6aa5fb0e69588553d160bcca
CRC-32: 89f34457
File type: Windows executable
First seen: 2012-11-11

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\WinUp.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AppLaunch\svchost.exe
  • c:\Documents and Settings\test user\Application Data\FacbookUpdater.exe
  • c:\Documents and Settings\test user\Application Data\dclogs\2012-11-12-2.dc
  • c:\Documents and Settings\test user\Local Settings\Temp\ask.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\AppLaunch\csrss.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    FacbookUpdater
    c:\Documents and Settings\test user\Application Data\FacbookUpdater.exe
  • HKCU\Software\DC3_FEXEC
    12/11/2012 at 01:52:48
    {8683e91a-044e-11df-871e-806d6172696f-1612674719}
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\applaunch\csrss.exe
  • c:\Documents and Settings\test user\local settings\temp\applaunch\svchost.exe
  • c:\Documents and Settings\test user\local settings\temp\ask.exe
DNS Requests
  • dark66.zapto.org
  • darkc0m3t.redirectme.net
