Troj/VB-FPL exhibits the following characteristics:
File Information
- Size
- 812K
- SHA-1
- 6bc3c6caadf790731094740d01a9ff971a24a5af
- MD5
- 32cd46571103505d4e8d3792c9940d0f
- CRC-32
- 6c6c35e1
- File type
- application/x-ms-dos-executable
- First seen
- 2011-10-04
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\newegg.exe
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Google Update
- c:\Documents and Settings\test user\Application Data\newegg.exe
- HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
- 3PLFMGD6HV
- October 10, 2011
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
- DoNotAllowExceptions
- 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- c:\Documents and Settings\test user\Application Data\newegg.exe
- c:\Documents and Settings\test user\Application Data\newegg.exe:*:Enabled:Windows Messanger
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
- Google Update
- c:\Documents and Settings\test user\Application Data\newegg.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Google Update
- c:\Documents and Settings\test user\Application Data\newegg.exe
Processes Created
- c:\windows\system32\cmd.exe
- c:\windows\system32\reg.exe
DNS Requests
- 1symantechantivirus.zapto.org
- symantechantivirus.zapto.org