Troj/MSIL-ITE

Category: Viruses and Spyware
Protection available since: 30 Nov 2016 22:37:44 (GMT)
Type: Trojan
Last Updated: 30 Nov 2016 22:37:44 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/MSIL-ITE include:

Example 1

File Information

Size
1.7M
SHA-1
994ab68cdbbabf225e885b6042de7aa80c1a0461
MD5
bb3ae4d451b38b13db354c3f365b6e6a
CRC-32
4f356456
File type
Windows executable
First seen
2016-11-06

Example 2

File Information

Size
1.8M
SHA-1
bc1d6e1fa11ed00e57a2af01bdf9db92f1a65f10
MD5
17ae2ee8edc2f619773501f4d40e8177
CRC-32
57569899
File type
Windows executable
First seen
2016-11-06

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\system.exe
    Size
    304K
    SHA-1
    5bd07d75e261c4246e288ee37173d3fabdba4073
    MD5
    55e3a8b550a5b32aec90e7faaaa43dd2
    CRC-32
    5c226108
    File type
    Windows executable
    First seen
    2016-11-10
  • c:\Documents and Settings\test user\Local Settings\Temp\A bit Smarter - Public Version.exe
    Size
    888K
    SHA-1
    cee47b3128af482766cc7d4cb7d9a75c40d8e3e2
    MD5
    57810b75bc1ad30efad7f69b2ede515a
    CRC-32
    1474c6ea
    File type
    Windows executable
    First seen
    2016-11-01
  • c:\Documents and Settings\test user\Local Settings\Temp\ANIS.exe
    Size
    318K
    SHA-1
    c5ae09b5f814f4d48b54aad0014c78d026fb6d42
    MD5
    b5ac53a5bd27669ce58035cd066d8b9d
    CRC-32
    5c17deb4
    File type
    Windows executable
    First seen
    2016-11-10
  • c:\Documents and Settings\test user\Local Settings\Temp\KOCEILA.exe
    Size
    304K
    SHA-1
    5bd07d75e261c4246e288ee37173d3fabdba4073
    MD5
    55e3a8b550a5b32aec90e7faaaa43dd2
    CRC-32
    5c226108
    File type
    Windows executable
    First seen
    2016-11-10
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\73e060e3f0d79bb58d254f460a212fdb.exe
    Size
    304K
    SHA-1
    5bd07d75e261c4246e288ee37173d3fabdba4073
    MD5
    55e3a8b550a5b32aec90e7faaaa43dd2
    CRC-32
    5c226108
    File type
    Windows executable
    First seen
    2016-11-10
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    73e060e3f0d79bb58d254f460a212fdb
    "c:\Documents and Settings\test user\Application Data\system.exe" ..
  • HKCU
    di
    !
  • HKCU\Environment
    SEE_MASK_NOZONECHECKS
    1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    73e060e3f0d79bb58d254f460a212fdb
    "c:\Documents and Settings\test user\Application Data\system.exe" ..
Processes Created
  • c:\Documents and Settings\test user\application data\system.exe
  • c:\Documents and Settings\test user\local settings\temp\anis.exe
  • c:\Documents and Settings\test user\local settings\temp\koceila.exe
DNS Requests
  • tortor.ddns.net

Example 3

File Information

Size
3.3M
SHA-1
0dce956989e41469330ea898dc18034c8775d81c
MD5
68e0248fe3758a74042e4d050c56ebfc
CRC-32
6a211dc9
File type
Windows executable
First seen
2016-08-12