Troj/WebPrefi-B

Category: Viruses and Spyware
Protection available since: 01 Sep 2011 01:35:41 (GMT)
Type: Trojan
Last Updated: 01 Sep 2011 01:35:41 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/WebPrefi-B include:

Example 1

File Information

Size: 125K
SHA-1: 0010602b95a4f9507c039793cc7cef028b9181ca
MD5: b86e47bf03fbb15f1504d7820bf81cf8
CRC-32: 7eff4581
File type: application/x-ms-dos-executable
First seen: 2011-03-23

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\drprov32.exe
    Size: 16K
    SHA-1: 940e77e2b01709da1e20fcbfcb944d359443ae6a
    MD5: 3ca4c932ccb77472c29affa98a8a55b3
    CRC-32: 812898b7
    File type: Windows executable
    First seen: 2011-01-29
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    0003d449
    C:\WINDOWS\system32\drprov32.exe
HTTP Requests
  • http://abc3f52644f72f194fe0ebf4ba2f2c19.vplay-to.com/go/vl/speedload.to/acb3ed5acf3901c540a25d2f6f87af92/4b548bf4-601f769f-47af2515-56b177fd-4c022957
DNS Requests
  • abc3f52644f72f194fe0ebf4ba2f2c19.vplay-to.com

Example 2

File Information

Size: 125K
SHA-1: 001b2c3653482b9e56e49a53b2f52e3ef2feecea
MD5: 79bee71789af4cbe4f40352dc27d6ee2
CRC-32: 518079ca
File type: application/x-ms-dos-executable
First seen: 2011-04-04

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\imjp81kd.exe
    Size: 16K
    SHA-1: 940e77e2b01709da1e20fcbfcb944d359443ae6a
    MD5: 3ca4c932ccb77472c29affa98a8a55b3
    CRC-32: 812898b7
    File type: Windows executable
    First seen: 2011-01-29
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011040420110405
    CacheRepair
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    0003f221
    C:\WINDOWS\system32\imjp81kd.exe
HTTP Requests
  • http://6494d07c4cabcd01f6a3f5f18a7a4397.vplay-to.com/go/vl/videoplay-to.com/
  • http://6494d07c4cabcd01f6a3f5f18a7a4397.vplay-to.com/go/vl/videoplay-to.com/349d028f30b4df510220e727f905f5d4/4b548bf4-601f769f-47af2515-56b177fd-4c022957
  • http://videodl.org/
DNS Requests
  • 6494d07c4cabcd01f6a3f5f18a7a4397.vplay-to.com
  • videodl.org

Example 3

File Information

Size: 125K
SHA-1: 0026eb117e7b0c252efd927c5bc7207980760399
MD5: 5bba174ede5519f9820d29d1ad6e4b48
CRC-32: 36b601a4
File type: application/x-ms-dos-executable
First seen: 2011-04-01

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\oleprn32.dll
    Size: 706
    SHA-1: 38f2f245c797ac13d3c583c9f03fa8b407027461
    MD5: fbc61fb9efa4a69dd95e55f9bb95c553
    CRC-32: 4d645bad
    File type: Unspecified binary - probably data
    First seen: 2011-04-01
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
    ProviderID6
    0x00000007
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers
    NumProviders
    0x00000007
  • HKLM\SYSTEM\CurrentControlSet\Services\RasMan
    Start
    0x00000002
HTTP Requests
  • http://9754c41a2618a8063a7e8c11cd267ef4.vplay-to.com/go/vl/videoplay-to.com/7a6669394463255fdb8ca16705d6dbb5/4b548bf4-601f769f-47af2515-56b177fd-4c022957
DNS Requests
  • 9754c41a2618a8063a7e8c11cd267ef4.vplay-to.com