Troj/PDFJs-RE

Category: Viruses and Spyware
Protection available since: 01 Apr 2011 11:32:10 (GMT)
Type: Trojan
Last Updated: 07 Apr 2011 12:22:01 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/PDFJs-RE include:

Example 1

File Information

Size: 73K
SHA-1: 0ecbdda3faaae2ffd00312036232703fee6bf63f
MD5: 01b61a7a82e8a6db894840f68bee8f0d
CRC-32: 02ee9955
File type: application/pdf
First seen: 2011-04-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrA990.tmp
    Size: 358
    SHA-1: e3cca8f39b205b327abbd62cbdd5d3a7d885bae2
    MD5: 2f41e0bf5df118d5e8f133f061217e2c
    CRC-32: 63719f1e
    File type: application/pdf
    First seen: 2011-04-04
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://zkp2.cz.cc/y/l.php
DNS Requests
  • zkp2.cz.cc

Example 2

File Information

Size: 73K
SHA-1: 220ab788e4320545dc6e3e82d731874d06d8c88c
MD5: a2a1168a66570ea25d194574eb31104c
CRC-32: c8032677
File type: application/pdf
First seen: 2011-04-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrF06D.tmp
    Size: 358
    SHA-1: 7fd63653e93592c661426e073d6875006bc4afba
    MD5: 76538aa460f9440e6e0ef7e03b0ee68a
    CRC-32: 370848ee
    File type: application/pdf
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Application Data\Yqiw\igumg.wuz
    Size: 1.7K
    SHA-1: df99ce109a11c63309ddb0cbd219ec77a6659c3c
    MD5: 533eb2711b6c34f6dbd0b4902e806b6e
    CRC-32: 1b99c60e
    File type: application/octet-stream
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Application Data\Microsoft\Address Book\support.wab
    Size: 173K
    SHA-1: 634fc303fcdea758a75fb8b4eb2b8f6ef823e68f
    MD5: b2918c2faf5fd69f905dc90c779bc7ba
    CRC-32: 7130ce53
    File type: application/octet-stream
    First seen: 2011-04-01
  • c:\Documents and Settings\test user\Application Data\Hivo\myev.exe
    Size: 179K
    SHA-1: 3926e10753ecb0df00d89ea91f1d47690dc4d56e
    MD5: 0aed07d945a277d8e536daf2dab370c3
    CRC-32: 07ef8c3d
    File type: application/x-ms-dos-executable
    First seen: 2011-04-01
Registry Keys Created
  • HKCU\Software\Microsoft\WAB\WAB4
    OlkContactRefresh
    0x00000000
  • HKCU\Software\Microsoft\Internet Account Manager
    Default LDAP Account
    Active Directory GC
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {5DBAD8CF-32D6-B43B-5C4F-AB0CE0B626F9}
    "c:\Documents and Settings\test user\Application Data\Hivo\myev.exe"
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts\WhoWhere
    LDAP Timeout
    0x0000003c
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts\Active Directory GC
    LDAP Search Base
    NULL
  • HKCU\Software\Microsoft\Idvi
    Usewsou
    c2 b9 f9 b4 16 f9 7c 93 58 76 c7 53 8d fc c0 57 87 55 13 ee a6 11 7e 42 9a dd b8 ed ca 33 8f 5e 5c e8 99 4a e7 2f 32 6d dc e4 6e bb 71 f3 c7 c1 b0 77 39 29 69 ce c9 69 e7 53 5e 2a 76 c5 a7 cc 61 84 0d 4b 3e 09 c9 84 c1 52 7e b4 54 fd e6 9a 0c 8e 6a df fb 89 d3 5f 1e e4 d3 47 99 43 fd 39 7b ff a3 3d 91 2f d6 fb 5d ac 8b 33 ab c1 2a 10 ef 96 74 5b
  • HKCU\Software\Microsoft\Internet Account Manager\Accounts
    PreConfigVerNTDS
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\documents and settings\support\local settings\temporary internet files\content.ie5\l4kr7nrv\update[1].exe
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://1ctg.cz.cc/y/l.php
  • http://lldhjgjvxmvwrok.net/news/
  • http://www.google.com/webhp
  • http://xivqedvpkssuujg.biz/news/
  • http://xnpnntknkfsnizo.biz/news/
  • http://xnpnntknkfsnizo.org/news/
DNS Requests
  • 1ctg.cz.cc
  • lldhjgjvxmvwrok.net
  • www.google.com
  • xivqedvpkssuujg.biz
  • xnpnntknkfsnizo.biz
  • xnpnntknkfsnizo.org

Example 3

File Information

Size: 73K
SHA-1: 26deaf4a241395b893ab6129ba047feb18be3b62
MD5: 2310df12fe03ac609c5698cdafef85fb
CRC-32: 179c75e7
File type: application/pdf
First seen: 2011-04-04

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\AcrA971.tmp
    Size: 358
    SHA-1: 5c888bdf8731733ba12eef09da0ab05089d5342d
    MD5: ad3a8b53f65d3c1db5d24b81f3639058
    CRC-32: c3c14e9d
    File type: application/pdf
    First seen: 2011-04-04
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe