Troj/VB-IFI

Category: Viruses and SpywareProtection available since:10 Mar 2015 04:54:36 (GMT)
Type: TrojanLast Updated:10 Mar 2015 04:54:36 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/VB-IFI include:

Example 1

File Information

Size
845K
SHA-1
75b1026e9e2b001c3729673e4c9682e11ca3019a
MD5
82ba3f5ea79707e487a498f7c909dd44
CRC-32
b266faa0
File type
Windows executable
First seen
2015-03-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\images (2).jpg
    Size
    8.3K
    SHA-1
    762b5c3a77c2f38afc4662cc01667536ef9edbb3
    MD5
    cd524d4ebe9b75083a0a888faffd7b17
    CRC-32
    27e35375
    File type
    JPEG Interchange Format
    First seen
    2015-03-10
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Mentmentsecure
    c:\Documents and Settings\test user\Start Menu\Programs\Startup\Mentmentsecure.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\taskkill.exe

Example 2

File Information

Size
837K
SHA-1
63ae2d7744aed414c398c6651e4f87f8e67ec94a
MD5
bfff9fcff29acc0102a47eef692afa9f
CRC-32
8478c190
File type
Windows executable
First seen
2015-03-09

Other vendor detection

Avira
TR/Ransom.jfoez

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.txt
    Size
    7
    SHA-1
    8d8ed8cdb4e665a2f5c0ede65260e63046b4a13f
    MD5
    e2be303820e3fd515b34fe8a733b8c39
    CRC-32
    fe38aa22
    File type
    A small file (too small to be malicious)
    First seen
    2015-02-22
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Mentmentsecure
    c:\Documents and Settings\test user\Start Menu\Programs\Startup\Mentmentsecure.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\taskkill.exe