Troj/MSIL-IR

Category: Viruses and Spyware
Protection available since: 07 Jan 2014 05:04:08 (GMT)
Type: Trojan
Last updated: 27 Aug 2016 02:27:13 (GMT)
Prevalence:

Examples of Troj/MSIL-IR include:

Example 1

File Information

Size: 224K
SHA-1: 00ea31c9afed0ec8a22b5165afe2b7aa154ed2eb
MD5: e837d82161005c81989ef2ef172f0749
CRC-32: f62c773a
File type: Windows executable
First seen: 2016-07-13

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\win32.exe
Registry Keys Created
  • HKCU
    di
    !
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    1046e7e9440e1857cac369cd7a8a3abf
    "c:\Documents and Settings\test user\Local Settings\Temp\win32.exe" ..
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    1046e7e9440e1857cac369cd7a8a3abf
    "c:\Documents and Settings\test user\Local Settings\Temp\win32.exe" ..
  • HKCU\Environment
    SEE_MASK_NOZONECHECKS
    1
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\win32.exe
  • c:\windows\system32\netsh.exe
DNS Requests
  • jihad0812929.ddns.net

Example 2

File Information

Size: 414K
SHA-1: 04128de220f691a3a90f097b9ee812f3b694e4b5
MD5: c1b5482977fd2cb720e3533450682318
CRC-32: a946ba3a
File type: Windows executable
First seen: 2014-02-05

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\windowsupdate.exe
  • c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe.lnk
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    WinUpdate
    C:\WINDOWS\system32\windowsupdate.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    EnableLUA
    0x00000000
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\windowsupdate.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    c:\Documents and Settings\test user\Application Data\JdkftxOe\YKHAVSj.exe,explorer.exe
  • HKLM\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify
    1
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\notepad.exe
  • c:\windows\system32\reg.exe
  • c:\windows\system32\windowsupdate.exe
IP Connections
  • 62.141.44.219:300

Example 3

File Information

Size: 118K
SHA-1: 0418df7e9e86d41bb94aa5364052ab6385dc1d66
MD5: 9d60ea6a6627104a93cf188ce4c1710f
CRC-32: 0c5dd16b
File type: Windows executable
First seen: 2016-06-17
