Troj/Ransom-ABV

Category: Viruses and Spyware
Protection available since: 10 Sep 2013 00:50:53 (GMT)
Type: Trojan
Last Updated: 13 Sep 2013 20:07:06 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Ransom-ABV include:

Example 1

File Information

Size: 344K
SHA-1: 598869c6ffd1ad92b9ab81951b690ac068ae16d0
MD5: 16f0e31ac53b98411dd6719ff995872f
CRC-32: fd852f81
File type: Windows executable
First seen: 2013-09-06

Other vendor detection

Avira: TR/Fraud.Gen2

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\{C3C65463-F79D-EACC-81D7-D0EAC8A0FBF4}.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\{C3C65463-F79D-EACC-81D7-D0EAC8A0FBF4}.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\{c3c65463-f79d-eacc-81d7-d0eac8a0fbf4}.exe
IP Connections
  • 184.164.136.134:80
DNS Requests

Example 2

File Information

Size: 338K
SHA-1: 65559245709fe98052eb284577f1fd61c01ad20d
MD5: 04fb36199787f2e3e2135611a38321eb
CRC-32: 412c0ff3
File type: Windows executable
First seen: 2013-09-08

Runtime Analysis

Processes Created
  • c:\Documents and Settings\test user\application data\{c3c65463-f79d-eacc-81d7-d0eac8a0fbf4}.exe
IP Connections
  • 184.164.136.134:80
DNS Requests

Example 3

File Information

Size: 344K
SHA-1: a6eee7369eb008fe48789ad4e8d2d8dcba4f23d9
MD5: 012d9088558072bc3103ab5da39ddd54
CRC-32: 85b46a5c
File type: Windows executable
First seen: 2013-09-06

Other vendor detection

Avira: TR/Fraud.Gen2

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\{C3C65463-F79D-EACC-81D7-D0EAC8A0FBF4}.exe
Registry Keys Created
  • HKCU\Software\CryptoLocker
    PublicKey
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\{C3C65463-F79D-EACC-81D7-D0EAC8A0FBF4}.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\{c3c65463-f79d-eacc-81d7-d0eac8a0fbf4}.exe
IP Connections
  • 184.164.136.134:80
DNS Requests