Troj/Weelsof-HJ

Category: Viruses and Spyware
Protection available since: 29 Sep 2014 19:00:21 (GMT)
Type: Trojan
Last Updated: 29 Sep 2014 19:00:21 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Weelsof-HJ include:

Example 1

File Information

Size: 147K
SHA-1: 2e1fcb138fc247653eadd031f84bdd2460fb4e0f
MD5: ee1f420a7e478d73e7d00e19dcea2f91
CRC-32: e9525533
File type: Windows executable
First seen: 2014-09-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\dxfuxxtm.exe
Registry Keys Created
  • HKCU\Software\mpffrpka
    gjrkhqkv
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    jhmbnfjj
    "c:\Documents and Settings\test user\Local Settings\Application Data\dxfuxxtm.exe"
Processes Created
  • c:\windows\system32\svchost.exe
IP Connections
  • 162.144.84.238:8080
  • 222.236.47.53:8080
  • 37.59.212.214:8080
  • 5.134.115.164:443
  • 5.79.6.6:8080

Example 2

File Information

Size: 147K
SHA-1: 460e30bf3c7e34a580a239500ab2bab3f235575c
MD5: eadf55d14c3c54dfd17b4f1c06441c0d
CRC-32: d31c5770
File type: application/x-ms-dos-executable
First seen: 2014-09-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\dmotijuw.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    tntujvfr
    "c:\Documents and Settings\test user\Local Settings\Application Data\dmotijuw.exe"
  • HKCU\Software\dafodvmr
    ilcbnttb
Processes Created
  • c:\windows\system32\svchost.exe
IP Connections
  • 162.144.84.238:8080
  • 198.74.56.121:443
  • 222.236.47.53:8080
  • 37.59.212.214:8080
  • 5.134.115.164:443
  • 5.79.6.6:8080

Example 3

File Information

Size: 147K
SHA-1: a65252749690b3aa243539d8c822b696f2c49a8d
MD5: 1d054c27a32d77bc20bbda84d81f14c6
CRC-32: 8a442081
File type: Windows executable
First seen: 2014-09-29

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\ucqbasvh.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    kqruhcfb
    "c:\Documents and Settings\test user\Local Settings\Application Data\ucqbasvh.exe"
  • HKCU\Software\faxefwgd
    cvccgjqq
Processes Created
  • c:\windows\system32\svchost.exe
IP Connections
  • 162.144.84.238:8080
  • 198.74.56.121:443
  • 222.236.47.53:8080
  • 37.59.212.214:8080
  • 5.134.115.164:443
  • 5.79.6.6:8080