Mal/BeeBone-AE

Category: Viruses and Spyware
Protection available since: 03 Jul 2013 11:59:25 (GMT)
Type: Malicious behavior
Last updated: 21 Aug 2016 17:32:26 (GMT)
Prevalence:

Examples of Mal/BeeBone-AE include:

Example 1

File Information

Size
80K
SHA-1
001356b2ad430d534df2a6f163f8ada25d03ad85
MD5
fdf73d0764802ad621a13d47d79a7dc2
CRC-32
1cf23ce0
File type
Windows executable
First seen
2012-03-30

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\gsquk.exe
    Size
    80K
    SHA-1
    11c57ae4d67f979b21380e48e05d2cbbee08abd0
    MD5
    eb90016ea2557ec5ddc7d3c3e15d2864
    CRC-32
    075bb7e1
    File type
    Windows executable
    First seen
    2016-01-30
  • F:/Secret.exe
    Size
    80K
    SHA-1
    1794959d2bd9172d846403de6348ee3b48932238
    MD5
    6c96d0343ca44f580a6f8b39aea4217f
    CRC-32
    a3f14820
    File type
    Windows executable
    First seen
    2016-01-30
  • F:/gsquk.exe
    Size
    80K
    SHA-1
    1794959d2bd9172d846403de6348ee3b48932238
    MD5
    6c96d0343ca44f580a6f8b39aea4217f
    CRC-32
    a3f14820
    File type
    Windows executable
    First seen
    2016-01-30
  • F:/Porn.exe
    Size
    80K
    SHA-1
    97c8714ce39ec010ea1982926e7ed0acaf280875
    MD5
    0f56b0bbdc1a632657d54b6f9180885d
    CRC-32
    c7d2d418
    File type
    Windows executable
    First seen
    2016-01-30
  • F:/Sexy.exe
    Size
    80K
    SHA-1
    96e69ae5758992cb044b072b456b5b04093e90d4
    MD5
    d8f9874a2403dc3a66f05b4d930a404e
    CRC-32
    e3ecf6e9
    File type
    Windows executable
    First seen
    2016-01-30
  • F:/Passwords.exe
    Size
    80K
    SHA-1
    5dcb89896641a9ac32a04d131d8fac5bb438b4c5
    MD5
    39e65f3d09dc35a280852e0a233a2596
    CRC-32
    70c8fb0b
    File type
    Windows executable
    First seen
    2016-01-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    gsquk
    c:\Documents and Settings\test user\gsquk.exe /d
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\gsquk.exe
DNS Requests
  • ns1.helpupdates.com
  • ns1.helpupdates.info
  • ns1.helpupdates.org

Example 2

File Information

Size
20K
SHA-1
00222ede23eba1e91589685e29d1b09c66182701
MD5
e7aa2f2710f083dcf488814a72bb6e64
CRC-32
d975c0c3
File type
Windows executable
First seen
2012-04-17

Example 3

File Information

Size
88K
SHA-1
0031e961ead77a67713db2a32e2ea72d95401285
MD5
479346b94dff6e7dbee1824218927f73
CRC-32
469ad0f5
File type
Windows executable
First seen
2016-01-22

Runtime Analysis

Dropped Files
  • F:/Secret.exe
    Size
    88K
    SHA-1
    5e3b385d39c5d9922e5206bd9865058274fc4d46
    MD5
    f7bde70becdc8f93a01c5f31d3790da5
    CRC-32
    fe570975
    File type
    Windows executable
    First seen
    2016-01-22
  • c:\Documents and Settings\test user\sauyez.exe
    Size
    88K
    SHA-1
    9f3073fa4e28b1a1edfaf58062847d36a2e41df8
    MD5
    ba162eb7512628e74a3f92dac2e52645
    CRC-32
    2c357bca
    File type
    Windows executable
    First seen
    2016-01-22
  • F:/sauyez.exe
    Size
    88K
    SHA-1
    5e3b385d39c5d9922e5206bd9865058274fc4d46
    MD5
    f7bde70becdc8f93a01c5f31d3790da5
    CRC-32
    fe570975
    File type
    Windows executable
    First seen
    2016-01-22
  • F:/Sexy.exe
    Size
    88K
    SHA-1
    2a01a1cf0eba94d34b90de37b6f8b9d88e5c141f
    MD5
    af67f02383f7783c5c3302b655c0fdc4
    CRC-32
    69043c08
    File type
    Windows executable
    First seen
    2016-01-22
  • F:/Porn.exe
  • F:/Passwords.exe
    Size
    88K
    SHA-1
    8127b75756560ce0d07e295f463313e261af8e79
    MD5
    2e562ce958ff3b05b2fc2aee2fbceb44
    CRC-32
    75e88594
    File type
    Windows executable
    First seen
    2016-01-22
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    sauyez
    c:\Documents and Settings\test user\sauyez.exe /h
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    NoAutoUpdate
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    ShowSuperHidden
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\sauyez.exe
