Troj/VBInj-QV

Category: Viruses and Spyware
Type: Trojan
Protection available since: 17 Jul 2017 21:32:25 (GMT)
Last Updated: 17 Jul 2017 21:32:25 (GMT)
Prevalence: Small Number of Reports

Troj/VBInj-QV exhibits the following characteristics:

File Information

Size: 5.0M
SHA-1: 33fa621291a7bad799a595caa8f5a8fd5778eede
MD5: 0875a1d3ec29856f147aaa92b9a949ad
CRC-32: b920d253
File type: application/x-ms-dos-executable
First seen: 2017-07-17

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\itunes.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\tor\state
    Size: 227
    SHA-1: 96fb6ac4a32e288858c26fcc99a73d66f704eb52
    MD5: ee33eee063a45e9c57dc4e28a5b854a7
    CRC-32: 9b333072
    File type: application/octet-stream
    First seen: 2017-07-17
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\itunes.vbs
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    itunes
    "c:\Documents and Settings\test user\Application Data\itunes.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *itunes
    "c:\Documents and Settings\test user\Application Data\itunes.exe"
  • HKLM\SOFTWARE\Microsoft\ESENT\Process\InstallUtil\DEBUG
    Trace Level
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe
  • c:\windows\microsoft.net\framework\v4.0.30319\regasm.exe
HTTP Requests
  • http://-\x16\x03\x01
  • http://ip.anysrc.net/plain/clientip
  • http://myexternalip.com/raw
  • http://www.whatsmyip.website/api/api-info
IP Connections
  • 154.35.32.5:443
  • 208.83.223.34:80
  • 212.112.245.170:443
  • 76.73.17.194:9090
  • 86.59.21.38:443
DNS Requests
  • api.ipify.org
  • ip.anysrc.net
  • myexternalip.com
  • www.whatsmyip.website
