W32/Changeup-D

    Category: Viruses and SpywareProtection available since:26 Jan 2012 19:58:09 (GMT)
    Type: Win32 wormLast Updated:26 Jan 2012 19:58:09 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Examples of W32/Changeup-D include:

    Example 1

    File Information

    Size
    176K
    SHA-1
    b9ae0587d022ae0da5c388a4c71b1cb2332ac1f3
    MD5
    3a561c5d0dc29ff5a3b7cd8c7a79a185
    CRC-32
    ac4699f3
    File type
    application/x-ms-dos-executable
    First seen
    2012-01-26

    Runtime Analysis

    Dropped Files
    • F:/Sexy.exe
      Size
      176K
      SHA-1
      66a24b478a9dab45addb65a3425172f96b1eb23b
      MD5
      fa2dc5093272ce3591b2abe2b9b30457
      CRC-32
      1c3647d8
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • c:\Documents and Settings\test user\gdfoq.exe
      Size
      176K
      SHA-1
      bd4d8f9f67e962d7014e059c0790c719c335aa62
      MD5
      181b7be7132f23fd1e19c8850c70c3f6
      CRC-32
      d4952536
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Porn.exe
      Size
      176K
      SHA-1
      66a24b478a9dab45addb65a3425172f96b1eb23b
      MD5
      fa2dc5093272ce3591b2abe2b9b30457
      CRC-32
      1c3647d8
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/gdfoq.exe
      Size
      176K
      SHA-1
      66a24b478a9dab45addb65a3425172f96b1eb23b
      MD5
      fa2dc5093272ce3591b2abe2b9b30457
      CRC-32
      1c3647d8
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Secret.exe
      Size
      176K
      SHA-1
      66a24b478a9dab45addb65a3425172f96b1eb23b
      MD5
      fa2dc5093272ce3591b2abe2b9b30457
      CRC-32
      1c3647d8
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Passwords.exe
      Size
      176K
      SHA-1
      66a24b478a9dab45addb65a3425172f96b1eb23b
      MD5
      fa2dc5093272ce3591b2abe2b9b30457
      CRC-32
      1c3647d8
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    Registry Keys Created
    • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      NoAutoUpdate
      0x00000001
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      gdfoq
      c:\Documents and Settings\test user\gdfoq.exe /L
    Registry Keys Modified
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      ShowSuperHidden
      0x00000000
    Processes Created
    • c:\Documents and Settings\test user\gdfoq.exe

    Example 2

    File Information

    Size
    176K
    SHA-1
    ca5af3b6191e8f121ad90d003f62e76b0f4af8ce
    MD5
    40794352a5133734595c1c7ada4c4250
    CRC-32
    3f3bb4ed
    File type
    application/x-ms-dos-executable
    First seen
    2011-09-20

    Runtime Analysis

    Dropped Files
    • F:/Sexy.exe
      Size
      176K
      SHA-1
      14495e348a8a77a0bb6111c5ac797fd2b4c6cacf
      MD5
      83a5053bdc2492c7c5565d7f7cac3f3a
      CRC-32
      b7ddc4b9
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Passwords.exe
      Size
      176K
      SHA-1
      14495e348a8a77a0bb6111c5ac797fd2b4c6cacf
      MD5
      83a5053bdc2492c7c5565d7f7cac3f3a
      CRC-32
      b7ddc4b9
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • c:\Documents and Settings\test user\neaoqi.exe
      Size
      176K
      SHA-1
      9d2bffa2b39ddb70267981ec435873d86bbd5686
      MD5
      f2347ce2bba110407e1eb9f144baf95e
      CRC-32
      79ccc59d
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/neaoqi.exe
      Size
      176K
      SHA-1
      14495e348a8a77a0bb6111c5ac797fd2b4c6cacf
      MD5
      83a5053bdc2492c7c5565d7f7cac3f3a
      CRC-32
      b7ddc4b9
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Secret.exe
      Size
      176K
      SHA-1
      14495e348a8a77a0bb6111c5ac797fd2b4c6cacf
      MD5
      83a5053bdc2492c7c5565d7f7cac3f3a
      CRC-32
      b7ddc4b9
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Porn.exe
      Size
      176K
      SHA-1
      14495e348a8a77a0bb6111c5ac797fd2b4c6cacf
      MD5
      83a5053bdc2492c7c5565d7f7cac3f3a
      CRC-32
      b7ddc4b9
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    Registry Keys Created
    • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      NoAutoUpdate
      0x00000001
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      neaoqi
      c:\Documents and Settings\test user\neaoqi.exe /d
    Registry Keys Modified
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      ShowSuperHidden
      0x00000000
    Processes Created
    • c:\Documents and Settings\test user\neaoqi.exe

    Example 3

    File Information

    Size
    176K
    SHA-1
    f61304f0bd71faecfab56f4ae18c1675b6883491
    MD5
    474dc907c471fddc1809737a218399e2
    CRC-32
    089ccea2
    File type
    application/x-ms-dos-executable
    First seen
    2012-01-26

    Runtime Analysis

    Dropped Files
    • F:/qieoler.exe
      Size
      176K
      SHA-1
      d850071bb201fbd96b366bffaf13bd0ad4d61c4b
      MD5
      f87fd98736bc231006244e5c96e8d439
      CRC-32
      f9b6ba09
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Porn.exe
      Size
      176K
      SHA-1
      d850071bb201fbd96b366bffaf13bd0ad4d61c4b
      MD5
      f87fd98736bc231006244e5c96e8d439
      CRC-32
      f9b6ba09
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • c:\Documents and Settings\test user\qieoler.exe
      Size
      176K
      SHA-1
      103fa89c6be1baab3de9c895c33fcd7c3ddb88b3
      MD5
      f7b2a6f918f1569b0f5b3bbfacf819c1
      CRC-32
      5e774b36
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Secret.exe
      Size
      176K
      SHA-1
      d850071bb201fbd96b366bffaf13bd0ad4d61c4b
      MD5
      f87fd98736bc231006244e5c96e8d439
      CRC-32
      f9b6ba09
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Passwords.exe
      Size
      176K
      SHA-1
      d850071bb201fbd96b366bffaf13bd0ad4d61c4b
      MD5
      f87fd98736bc231006244e5c96e8d439
      CRC-32
      f9b6ba09
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    • F:/Sexy.exe
      Size
      176K
      SHA-1
      d850071bb201fbd96b366bffaf13bd0ad4d61c4b
      MD5
      f87fd98736bc231006244e5c96e8d439
      CRC-32
      f9b6ba09
      File type
      application/x-ms-dos-executable
      First seen
      2012-01-26
    Registry Keys Created
    • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      NoAutoUpdate
      0x00000001
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      qieoler
      c:\Documents and Settings\test user\qieoler.exe /R
    Registry Keys Modified
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
      ShowSuperHidden
      0x00000000
    Processes Created
    • c:\Documents and Settings\test user\qieoler.exe

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection