Troj/Nanocor-SH

Category: Viruses and Spyware
Protection available since: 05 Sep 2017 03:34:18 (GMT)
Type: Trojan
Last Updated: 05 Sep 2017 03:34:18 (GMT)
Prevalence: Small Number of Reports


Troj/Nanocor-SH exhibits the following characteristics:

File Information

Size
408K
SHA-1
0844cca4294414df1aa918e82a099d9066f00ca6
MD5
57508f5a395d2f927e410247717582f4
CRC-32
9eacf153
File type
Windows executable
First seen
2017-08-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\26C19984-2A01-45B5-A7B3-A568AF60C200\run.dat
    Size
    8
    SHA-1
    f85c2f0844fddfa0555073422e9fc321811a988a
    MD5
    58d83942fac0cea82259fbb92d260459
    CRC-32
    d14da3a9
    File type
    Windows Codepage 1252
    First seen
    2017-09-04
  • c:\Documents and Settings\test user\Local Settings\Temp\svhost.exe
  • c:\Documents and Settings\test user\AppData\Roaming\tmp.exe
    Size
    203K
    SHA-1
    90649edf84bd02d4b0b151fb2f23dada1213fd5d
    MD5
    417239a49db7959d439a0c54b395bb9f
    CRC-32
    18e73e7f
    File type
    Windows executable
    First seen
    2017-08-23
  • C:\Documents
    Size
    139
    SHA-1
    06579450000b48d1efc4570e228efb9e6c7dbfdc
    MD5
    83075accc2535143875187f99b239bce
    CRC-32
    b1895b88
    File type
    Configuration Data File (generic)
    First seen
    2017-07-31
  • C:\Program Files\UPNP Subsystem\upnpss.exe
  • c:\Documents and Settings\test user\AppData\Roaming\winlogon\winlogon.exe.bat
    Size
    213
    SHA-1
    122e984670a310e78e12454b5b55388baf3d09be
    MD5
    898e47ccb671421850e7f4295ffae76d
    CRC-32
    c44f7364
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2017-07-31
Registry Keys Created
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Load
    c:\Documents and Settings\test user\Application Data\winlogon\winlogon.exe.lnk
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    UPNP Subsystem
    C:\Program Files\UPNP Subsystem\upnpss.exe
Processes Created
  • c:\Documents and Settings\test user\appdata\roaming\tmp.exe
  • c:\docume~1\support\locals~1\temp\svhost.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
IP Connections
  • 8.8.8.8:53
DNS Requests
  • classiccream.hopto.org
  • lauracooper.hopto.org
