W32/Dorkbot-FV

Category: Viruses and Spyware
Protection available since: 04 May 2013 02:38:50 (GMT)
Type: Win32 worm
Last Updated: 04 May 2013 02:38:50 (GMT)
Prevalence: Small Number of Reports


W32/Dorkbot-FV exhibits the following characteristics:

File Information

Size: 129K
SHA-1: 650c4cba2c1b8487459aa3ee413ff2e55e6287bc
MD5: 2a6d63e9047917d24b270e943f519114
CRC-32: e08fa958
File type: Windows executable
First seen: 2012-08-23

Runtime Analysis

Copies Itself To
  • F:/SItSSrXMSDaXfgM.exe
  • c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
  • c:\Documents and Settings\test user\Application Data\temp.bin
Dropped Files
  • C:\WINDOWS\wiaservc.log
    Size: 50
    SHA-1: 62951cd4456c23312315d25008558efb031b4568
    MD5: 2abef8cc7a383c22b3deb12b27dc9e81
    CRC-32: 64470cd2
    File type: Configuration Data File (generic)
    First seen: 2013-05-04
  • C:\WINDOWS\wiadebug.log
    Size: 159
    SHA-1: 9248f5650c40ae247787073975f56d0c4aa9a2ad
    MD5: 62ae2e679c6130e3ba86bd083b494c82
    CRC-32: 6758cf2b
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2013-05-04
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Screen Saver Pro 3.1
    c:\Documents and Settings\test user\Application Data\ScreenSaverPro.scr
Registry Keys Modified
  • HKCU\Software\Microsoft\Internet Explorer\Main
    Start Page
    http://ie.getitclear.com/
Processes Created
  • c:\windows\system32\mspaint.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://api.wipmania.com/
DNS Requests
  • api.wipmania.com
  • h.balkoov.com
  • h.jossven.com
  • h.lartinito.com
