Troj/Shiz-B

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 22 Jun 2011 08:42:52 (GMT)
Last Updated: 22 Jun 2011 08:42:52 (GMT)


Troj/Shiz-B exhibits the following characteristics:

File Information

Size
253K
SHA-1
523e20f79ce6eeeff3d2e6d1ee66a06fd7bbd692
MD5
fe9ba3c1a0bf74e0175e7e2488816fcd
CRC-32
edbc4e63
File type
application/x-ms-dos-executable
First seen
2011-06-20

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
Dropped Files
  • C:\WINDOWS\AppPatch\dgtnmjl.dat
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    601f769f
    C:\WINDOWS\apppatch\dgtnmjl.dat
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name
    test_item.exe
Registry Keys Modified
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    c:\Documents and Settings\test user\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID
    0x374d8d30
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    c:\Documents and Settings\test user\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\dgtnmjl.dat,
HTTP Requests
  • http://gacyryw.com/login.php
  • http://gacyzuz.com/login.php
  • http://gadyfuh.com/login.php
  • http://gadyniw.com/login.php
  • http://gahyhob.com/login.php
  • http://gahyqah.com/login.php
  • http://galykes.com/login.php
  • http://galyqaz.com/login.php
  • http://ganypih.com/login.php
  • http://gaqycos.com/login.php
  • http://gaqydeb.com/login.php
  • http://gatyfus.com/login.php
  • http://gatyvyz.com/login.php
  • http://lygygin.com/login.php
  • http://lygymoj.com/login.php
  • http://lykyjad.com/login.php
  • http://lymysan.com/login.php
  • http://lymyxid.com/login.php
  • http://lyryfyd.com/login.php
  • http://lyryvex.com/login.php
  • http://lysyfyj.com/login.php
  • http://lysynur.com/login.php
  • http://lyvytuj.com/login.php
  • http://lyvyxor.com/login.php
  • http://lyxylux.com/login.php
  • http://lyxywer.com/login.php
  • http://pufygug.com/login.php
  • http://pufymoq.com/login.php
  • http://pujyjav.com/login.php
  • http://pumypog.com/login.php
  • http://pumyxiv.com/login.php
  • http://pupybul.com/login.php
  • http://purycap.com/login.php
  • http://purydyv.com/login.php
  • http://puvytuq.com/login.php
  • http://puvyxil.com/login.php
  • http://puzylyp.com/login.php
  • http://puzywel.com/login.php
  • http://qebytiq.com/login.php
  • http://qedyfyq.com/login.php
  • http://qedynul.com/login.php
  • http://qegyhig.com/login.php
  • http://qegyqaq.com/login.php
  • http://qekykev.com/login.php
  • http://qekyqop.com/login.php
  • http://qeqysag.com/login.php
  • http://qeqyxov.com/login.php
  • http://qetyfuv.com/login.php
  • http://qetyvep.com/login.php
  • http://qexylup.com/login.php
  • http://qexyryl.com/login.php
  • http://vocyruk.com/login.php
  • http://vocyzit.com/login.php
  • http://vofygum.com/login.php
  • http://vofymik.com/login.php
  • http://vojyjof.com/login.php
  • http://vojyqem.com/login.php
  • http://volykyc.com/login.php
  • http://volyqat.com/login.php
  • http://vonypom.com/login.php
  • http://vonyzuf.com/login.php
  • http://vopybyt.com/login.php
  • http://vowycac.com/login.php
  • http://vowydef.com/login.php
DNS Requests
  • gacyryw.com
  • gacyzuz.com
  • gadyfuh.com
  • gadyniw.com
  • gahyhob.com
  • gahyqah.com
  • galykes.com
  • galyqaz.com
  • ganypih.com
  • gaqycos.com
  • gaqydeb.com
  • gatyfus.com
  • gatyvyz.com
  • lygygin.com
  • lygymoj.com
  • lykyjad.com
  • lymysan.com
  • lymyxid.com
  • lyryfyd.com
  • lyryvex.com
  • lysyfyj.com
  • lysynur.com
  • lyvytuj.com
  • lyvyxor.com
  • lyxylux.com
  • lyxywer.com
  • pufygug.com
  • pufymoq.com
  • pujyjav.com
  • pumypog.com
  • pumyxiv.com
  • pupybul.com
  • purycap.com
  • purydyv.com
  • puvytuq.com
  • puvyxil.com
  • puzylyp.com
  • puzywel.com
  • qebytiq.com
  • qedyfyq.com
  • qedynul.com
  • qegyhig.com
  • qegyqaq.com
  • qekykev.com
  • qekyqop.com
  • qeqysag.com
  • qeqyxov.com
  • qetyfuv.com
  • qetyvep.com
  • qexylup.com
  • qexyryl.com
  • vocyruk.com
  • vocyzit.com
  • vofygum.com
  • vofymik.com
  • vojyjof.com
  • vojyqem.com
  • volykyc.com
  • volyqat.com
  • vonypom.com
  • vonyzuf.com
  • vopybyt.com
  • vowycac.com
  • vowydef.com
  • www.bing.com
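The indicators above can be turned directly into host and network checks. The following is an added example, not code from the analysis page or from Sophos: it takes the sample hashes, the modified Userinit value and the 64 contacted domains from the lists above, and applies them to a Windows registry value and to resolver log lines. The log format, the log lines, and the "lookalike" regex (a shape fitted to the listed names, not a description of the malware's own domain generator) are assumptions made for the demo.

```python
"""
Indicator checks for the Troj/Shiz-B characteristics listed above.

Added example, not code from the analysis page or from Sophos. The hashes,
the Userinit value and the domain list are copied from the page; the DNS
log format and the log lines are constructed for this demonstration.
"""
import hashlib
import re

# File hashes of the analysed sample (from "File Information" above).
SAMPLE_SHA1 = "523e20f79ce6eeeff3d2e6d1ee66a06fd7bbd692"
SAMPLE_MD5 = "fe9ba3c1a0bf74e0175e7e2488816fcd"

# Userinit value as modified on the infected test system (from the page),
# and the stock value, which names only userinit.exe.
INFECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\apppatch\dgtnmjl.dat,"
CLEAN_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"

# Command-and-control domains from the DNS list above (www.bing.com omitted,
# it is legitimate traffic).
SHIZ_B_DOMAINS = frozenset("""
gacyryw.com gacyzuz.com gadyfuh.com gadyniw.com gahyhob.com gahyqah.com
galykes.com galyqaz.com ganypih.com gaqycos.com gaqydeb.com gatyfus.com
gatyvyz.com lygygin.com lygymoj.com lykyjad.com lymysan.com lymyxid.com
lyryfyd.com lyryvex.com lysyfyj.com lysynur.com lyvytuj.com lyvyxor.com
lyxylux.com lyxywer.com pufygug.com pufymoq.com pujyjav.com pumypog.com
pumyxiv.com pupybul.com purycap.com purydyv.com puvytuq.com puvyxil.com
puzylyp.com puzywel.com qebytiq.com qedyfyq.com qedynul.com qegyhig.com
qegyqaq.com qekykev.com qekyqop.com qeqysag.com qeqyxov.com qetyfuv.com
qetyvep.com qexylup.com qexyryl.com vocyruk.com vocyzit.com vofygum.com
vofymik.com vojyjof.com vojyqem.com volykyc.com volyqat.com vonypom.com
vonyzuf.com vopybyt.com vowycac.com vowydef.com
""".split())

# Every listed domain is seven letters under .com, alternating consonant and
# vowel with a fixed 'y' in fourth place. This regex is a heuristic fitted to
# the 64 names above (assumption: sibling names share the shape); it is not
# a description of the malware's own generator, so treat matches as leads.
_C = "[bcdfghjklmnpqrstvwxz]"
_V = "[aeiouy]"
SHIZ_B_SHAPE = re.compile(rf"^{_C}{_V}{_C}y{_C}{_V}{_C}\.com$")


def is_known_sample(data: bytes) -> bool:
    """True when the bytes hash to the analysed sample (SHA-1 and MD5 both)."""
    return (hashlib.sha1(data).hexdigest() == SAMPLE_SHA1
            and hashlib.md5(data).hexdigest() == SAMPLE_MD5)


def suspicious_userinit_entries(value: str) -> list:
    """Return Userinit entries other than the stock userinit.exe.

    Winlogon launches every comma-separated entry at interactive logon, so an
    extra entry (here a .dat in AppPatch) is a persistence mechanism.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries
            if not e.lower().endswith(r"\system32\userinit.exe")]


def classify_domain(name: str) -> str:
    """'listed' for a known C2 name, 'lookalike' for the same shape, else 'clean'."""
    n = name.lower().rstrip(".")
    if n in SHIZ_B_DOMAINS:
        return "listed"
    if SHIZ_B_SHAPE.match(n):
        return "lookalike"
    return "clean"


def scan_dns_log(lines) -> list:
    """Flag queries in a resolver log; each line is '<time> <client> <qname> <qtype>'.

    The log format is constructed for this example, not a real resolver's.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines rather than crash on them
        _, client, qname, _ = fields[:4]
        verdict = classify_domain(qname)
        if verdict != "clean":
            hits.append((client, qname.lower().rstrip("."), verdict))
    return hits


# Constructed resolver log: one listed C2 name, one unlisted name of the same
# shape, the bing.com lookup the sample also performs, and a malformed line.
SAMPLE_DNS_LOG = [
    "2011-06-20T10:00:01 10.0.0.5 gahyhob.com A",
    "2011-06-20T10:00:02 10.0.0.5 www.bing.com A",
    "2011-06-20T10:00:03 10.0.0.7 qexyryp.com. A",
    "garbage line",
]

if __name__ == "__main__":
    print(suspicious_userinit_entries(INFECTED_USERINIT))
    print(scan_dns_log(SAMPLE_DNS_LOG))
```

The Userinit check matches on the `\system32\userinit.exe` tail rather than the full path so it still works when %SystemRoot% is not C:\WINDOWS; any other entry, whatever its extension, is reported. A "lookalike" verdict only says the name has the same shape as the 64 listed ones and should be confirmed against other evidence before blocking.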