Troj/MSIL-KHD

Category: Viruses and Spyware
Protection available since: 05 Sep 2017 03:34:18 (GMT)
Type: Trojan
Last Updated: 05 Sep 2017 03:34:18 (GMT)
Prevalence: Small Number of Reports


Troj/MSIL-KHD exhibits the following characteristics:

File Information

Size: 1000K
SHA-1: b6d4557a1a5a1782be4a1e5b4dd45cc52a69db16
MD5: 9676f220bd68b3142162d0f7991846dd
CRC-32: 08ad64e6
File type: Windows executable
First seen: 2017-09-04

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Products\WinDecode.exe
Dropped Files
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size: 745
    SHA-1: 83af50ba48d4985fb1aaaa6fc58230411d51fd0f
    MD5: 297bad10fddeea6a2792c4bc06b511c9
    CRC-32: bd586a28
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2017-07-13
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Tregain
    C:\DOCUME~1\support\LOCALS~1\Temp\Products\WinDecode.exe
HTTP Requests
  • http://checkip.dyndns.org/
DNS Requests
  • checkip.dyndns.org
