W32/Slenfbot-BO

Category: Viruses and Spyware
Protection available since: 17 Feb 2012 20:38:18 (GMT)
Type: Win32 worm
Last Updated: 17 Feb 2012 20:38:18 (GMT)
Prevalence: Small Number of Reports

Examples of W32/Slenfbot-BO include:

Example 1

File Information

Size: 177K
SHA-1: 244e999f918c4233bd8fcece6e797543e47828c0
MD5: 84762dd9508eb7c4eecd609c3e17231b
CRC-32: 50092af3
File type: application/x-ms-dos-executable
First seen: 2012-01-05

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\mdm.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\windows\mdm.exe
    c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
    Microsoft Firevall Engine
    c:\windows\mdm.exe
Processes Created
  • c:\windows\mdm.exe
  • c:\windows\system32\netsh.exe
IP Connections
  • 49.61.182.240:5050
DNS Requests
  • ms.mrkva.su

Example 2

File Information

Size: 126K
SHA-1: 3203b53a013bc73e16939f824ad87e484e387f23
MD5: f04a3b038164cff62c3ef340d0100297
CRC-32: 5c5a077f
File type: application/zip
First seen: 2012-02-17
