Troj/VB-GLX

Category: Viruses and Spyware
Type: Trojan
Protection available since: 18 Mar 2013 19:14:10 (GMT)
Last Updated: 18 Mar 2013 19:14:10 (GMT)
Prevalence: Small Number of Reports


Troj/VB-GLX exhibits the following characteristics:

File Information

Size: 696K
SHA-1: 7262735308021b367baea75e2e73ebaac6026f34
MD5: 0a27cd1f6f333258b9580bc77dc4b66f
CRC-32: fbd2ff5a
File type: Windows executable
First seen: 2013-03-16

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\SunJava\SunJava.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF427A.tmp
Registry Keys Created
  • HKCU\Software\yahoo\pager
    Save Password
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013031620130317
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SunJava
    c:\Documents and Settings\test user\Application Data\Sunjava\SunJava.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\sunjava\sunjava.exe
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\makecab.exe
HTTP Requests
  • http://enamad.ir/Scripts/Scripts.js
  • http://enamad.ir/images/namad1.png
  • http://enamad.ir/trustseal/symbol.aspx
  • http://opi.yahoo.com/online
  • http://service.persianstat.com/Stats.aspx
  • http://service.persianstat.com/images/stat.gif
  • http://tehranloos.zzl.org/
  • http://www.fanoosit.com/
  • http://www.fanoosit.com/fanoos_com_files/06.jpg
  • http://www.fanoosit.com/fanoos_com_files/2.jpg
  • http://www.fanoosit.com/fanoos_com_files/354935c934f448b.jpg
  • http://www.fanoosit.com/fanoos_com_files/695d05f3d82f418.jpg
  • http://www.fanoosit.com/fanoos_com_files/7-1.jpg
  • http://www.fanoosit.com/fanoos_com_files/8.jpg
  • http://www.fanoosit.com/fanoos_com_files/BackFlash.jpg
  • http://www.fanoosit.com/fanoos_com_files/BackGround.jpg
  • http://www.fanoosit.com/fanoos_com_files/Backdown.jpg
  • http://www.fanoosit.com/fanoos_com_files/Fa.css
  • http://www.fanoosit.com/fanoos_com_files/G.jpg
  • http://www.fanoosit.com/fanoos_com_files/Noghteh.gif
  • http://www.fanoosit.com/fanoos_com_files/Orado-Logo-12.jpg
  • http://www.fanoosit.com/fanoos_com_files/Tehran_orado.jpg
  • http://www.fanoosit.com/fanoos_com_files/calc.js
  • http://www.fanoosit.com/fanoos_com_files/e0ebb8a1e42741a.jpg
  • http://www.fanoosit.com/fanoos_com_files/etminan.jpg
  • http://www.fanoosit.com/fanoos_com_files/f367325dcf6c415.jpg
  • http://www.fanoosit.com/fanoos_com_files/mahsoolat.jpg
  • http://www.fanoosit.com/fanoos_com_files/sefaresh.jpg
  • http://www.fanoosit.com/fanoos_com_files/tahvil-kala.jpg
  • http://www.fanoosit.com/imagesFa/index/BackGround.jpg
  • http://www.persianstat.com/service/stat.js
DNS Requests
  • enamad.ir
  • loostehran.3eeweb.com
  • opi.yahoo.com
  • service.persianstat.com
  • tehranloos.zzl.org
  • www.fanoosit.com
  • www.google.com
  • www.persianstat.com