Mal/Ransom-BW

Category: Viruses and Spyware
Protection available since: 10 Oct 2013 04:44:13 (GMT)
Type: Malicious behavior
Last updated: 10 Oct 2013 04:44:13 (GMT)
Prevalence:


Examples of Mal/Ransom-BW include:

Example 1

File Information

Size: 376K
SHA-1: 4024aa04f97c53c77c3ce222e2128be972d5404a
MD5: 04fc7ffc8439e27a51b5241e8bd00e75
CRC-32: 867e8de3
File type: Windows executable
First seen: 2007-08-21

Example 2

File Information

Size: 363K
SHA-1: a3dbdf84d229d3ff549855cf7adc34e75d01efd3
MD5: 7ea2c970326af64b1b196c4dd12e61dc
CRC-32: 6a4242ca
File type: Windows executable
First seen: 2013-10-08

Other vendor detection

Avira: TR/Kazy.260337.1

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\botqnfioxfvznn.exe
DNS Requests

Example 3

File Information

Size: 361K
SHA-1: f7d4163877616c819758c07c8c926a9b60c844fa
MD5: b07325f2686e5c26791424d9de7a5c54
CRC-32: 14656592
File type: Windows executable
First seen: 2013-10-07

Other vendor detection

Avira: TR/Kazy.260337

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    CryptoLocker
    "c:\Documents and Settings\test user\Application Data\Botqnfioxfvznn.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\botqnfioxfvznn.exe
DNS Requests