Troj/Ramnit-BZ

Category: Viruses and Spyware
Protection available since: 04 Jun 2014 20:27:45 (GMT)
Type: Trojan
Last Updated: 04 Jun 2014 20:27:45 (GMT)
Prevalence: Small Number of Reports


Troj/Ramnit-BZ exhibits the following characteristics:

File Information

Size: 184K
SHA-1: 68e9789ad5d2848df8b6a0ac4236785e57cefa1b
MD5: b77960f8446ec11dbbdfafd8b28bdd46
CRC-32: 4b850512
File type: Windows executable
First seen: 2013-08-09

Other vendor detection

Avira: TR/Ramnit.A.24

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\jrklhfhx.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\qxrbfays.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\tvbjuwht.log
    Size: 28
    SHA-1: f62a10f9c0bfadbc48d71c2499855718806c5989
    MD5: 71b1996c59723df9cdbea96d4c643aab
    CRC-32: c24df74a
    File type: application/octet-stream
    First seen: 2014-06-04
  • C:\Documents and Settings\All Users\Application Data\hwjhsolu.log
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    QxrBfays
    C:\DOCUME~1\support\LOCALS~1\Temp\qxrbfays.exe
  • HKLM\SOFTWARE\Microsoft\Security Center
    UacDisableNotify
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallOverride
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,,c:\Documents and Settings\test user\Local Settings\Application Data\rpetpsre\avvgavbr.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\jrklhfhx.exe
  • c:\docume~1\support\locals~1\temp\qxrbfays.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\svchost.exe
DNS Requests