Troj/Ransom-DJ

Category: Viruses and Spyware
Protection available since: 22 Feb 2012 16:41:56 (GMT)
Type: Trojan
Last Updated: 22 Feb 2012 16:41:56 (GMT)
Prevalence: Small Number of Reports

Troj/Ransom-DJ exhibits the following characteristics:

File Information

Size: 246K
SHA-1: 2bd0e02b7e8747e90d1a85bb2b03b7f66a684e9a
MD5: 3f17d0e77854a7869d8680d0428a4c18
CRC-32: b6c6a1cf
File type: application/x-ms-dos-executable
First seen: 2012-02-22

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\gema\gema.exe
  • C:\WINDOWS\system32\gema.exe
  • c:\Documents and Settings\test user\Application Data\gema\gema.exe
Modified Files
  • %WINDOWS%\win.ini
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    gema
    C:\WINDOWS\system32\gema.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gema
    c:\Documents and Settings\test user\Application Data\gema\gema.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\gema\gema.exe,Explorer.exe,
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\Documents and Settings\All Users\Application Data\gema\gema.exe,C:\WINDOWS\system32\gema.exe,C:\WINDOWS\system32\userinit.exe,
DNS Requests
  • gema-lock11.in