Troj/MSIL-KOR

Category: Viruses and Spyware
Protection available since: 14 Nov 2017 03:57:12 (GMT)
Type: Trojan
Last Updated: 14 Nov 2017 03:57:12 (GMT)
Prevalence: Small Number of Reports

Troj/MSIL-KOR exhibits the following characteristics:

File Information

Size: 494K
SHA-1: 340c66825a26beacda12732401c3ae29a6eb418e
MD5: 42a816af4f2e2f3536a9a6e56b40f814
CRC-32: be0247af
File type: Windows executable
First seen: 2017-11-13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\AppData\Local\Temp\melt.txt
Dropped Files
  • c:\Documents and Settings\test user\Application Data\26C19984-2A01-45B5-A7B3-A568AF60C200\run.dat
    Size: 8
    SHA-1: 3ecc41b39f4e1b8599e321a16a3034dd41e83537
    MD5: b61e537078178bafb5f1a4ce14d661a2
    CRC-32: 18078697
    File type: Windows Codepage 1252
    First seen: 2017-11-13
  • c:\Documents and Settings\test user\AppData\Local\Temp\FolderN\name.exe.bat
    Size: 223
    SHA-1: bd26716e25dfaae2f3d864d7d6e89b2b59f80886
    MD5: d6ac3fc12ef2f19c81f863c68a6f581e
    CRC-32: a12cf918
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2017-08-09
  • c:\Documents and Settings\test user\Local Settings\Temp\svhost.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Load
    C:\DOCUME~1\support\LOCALS~1\Temp\FolderN\name.exe.lnk
Processes Created
  • c:\docume~1\support\locals~1\temp\svhost.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\find.exe
  • c:\windows\system32\reg.exe
  • c:\windows\system32\tasklist.exe
IP Connections
  • 8.8.8.8:53
DNS Requests
  • darkrig.ddns.net