Troj/Ransom-FMU

    Category: Viruses and SpywareProtection available since:30 Jun 2019 17:46:22 (GMT)
    Type: TrojanLast Updated:30 Jun 2019 17:46:22 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/Ransom-FMU exhibits the following characteristics:

    File Information

    Size
    4.5M
    SHA-1
    057ce5d68142f9c744a20c01c8fa69b85af318f6
    MD5
    6917c566fbe300441bd9ab2d435e52cf
    CRC-32
    f73d789e
    File type
    Windows executable
    First seen
    2017-04-14

    Runtime Analysis

    Modified Files
    • %SYSTEM%\wbem\Repository\$WinMgmt.CFG
    • %PROFILE%\Cookies\index.dat
    • %SYSTEM%\wbem\Repository\FS\MAPPING1.MAP
    • %SYSTEM%\wbem\Repository\FS\OBJECTS.MAP
    • %PROFILE%\NTUSER.DAT.LOG
    • %SYSTEM%\wbem\Repository\FS\INDEX.BTR
    • %SYSTEM%\wbem\Repository\FS\INDEX.MAP
    • %SYSTEM%\wbem\Repository\FS\OBJECTS.DATA
    • %SYSTEM%\wbem\Logs\wbemcore.log
      • Changed the file contents
    • %SYSTEM%\config\system.LOG
    • C:\Documents and Settings\LocalService\ntuser.dat.LOG
    • %INTERNET_CACHE%
      • Set the hidden and system flags
    • %SYSTEM%\config\software.LOG
      • Changed the file contents
    • %SYSTEM%\wbem\Repository\FS\MAPPING.VER
    • %SYSTEM%\wbem\Logs\wbemess.log
      • Changed the file contents
    • %SYSTEM%\config\SAM.LOG
    • C:\KMDhips.txt
      • Changed the file contents
    • %SYSTEM%\wbem\Repository\FS\MAPPING2.MAP
    • %PROFILE%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    • %HISTORY%
      • Set the hidden and system flags
    Registry Keys Created
    • HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVSERVICE\0000\Control
      ActiveService
      SAVService
    Registry Keys Modified
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5B3B929D6C65CC643B3A1A7A48BC8B4E\Usage
      SAVService
      0x4c2609c1
    • HKCU\Software\Microsoft\Windows\ShellNoRoam\BagMRU
      MRUListEx
      01 00 00 00 00 00 00 00 02 00 00 00 03 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 ff ff ff ff
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore
      Time
      e2 07 01 00 06 00 06 00 09 00 28 00 3b 00 0b 03
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore
      Time
      e2 07 01 00 06 00 06 00 09 00 28 00 3b 00 0b 03
    • HKCU\Software\Microsoft\Internet Explorer\Main
      Window_Placement
      2c 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 42 00 00 00 42 00 00 00 7c 03 00 00 52 02 00 00
    • HKLM\SYSTEM\CurrentControlSet\Control\ServiceCurrent
      (Default)
      0x0000000e
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\iexplore
      Time
      e2 07 01 00 06 00 06 00 09 00 28 00 3a 00 17 01
    • HKLM\SOFTWARE\Sophos\SAVService\Status
      UpToDateState
      0x00000002
    • HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
      ActiveTimeBias
      0x00000000
    • HKLM\SOFTWARE\Sophos\SAVService\Status\Infected
      SuspiciousBehaviorDetected
      0x00000001
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
      Time
      e2 07 01 00 06 00 06 00 09 00 28 00 39 00 a8 03
    • HKLM\SOFTWARE\Sophos\SAVService\Status\LastScan
      NormalScan
      0x5a509a2c
    • HKCU\SessionInformation
      ProgramCount
      0x0000000a
    • HKLM\SOFTWARE\Microsoft\Cryptography\RNG
      Seed
      1b d9 c5 59 1c ce bd e9 9b 72 b2 25 a3 68 49 90 ba 94 7e 9e 8c cd 07 26 dc 00 03 be 0c 6c 05 83 09 86 e6 26 d0 8c 4d b1 c7 6b f8 07 36 cc 03 ff 57 af 6c 5f 15 bc df 56 32 7b 6c f9 b0 98 22 5e 28 8e f5 c2 f9 09 cf 29 ad e0 a2 e3 4e fd bf af

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection