Troj/MalitRar-C

Category: Viruses and Spyware
Protection available since: 2015 1 12 20:47:46 (GMT)
Type: Trojan
Last updated: 2015 1 12 20:47:46 (GMT)
Prevalence:


Examples of Troj/MalitRar-C include:

Example 1

File Information

Size: 604K
SHA-1: 1cc95940f51c8ed7f0014782e0b651c3e10ea394
MD5: 33aca354fb4de69374dcf36b54dd7d14
CRC-32: a269a3c8
File type: Windows executable
First seen: 2015-01-07

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ehny\pauz.loi
    Size: 477
    SHA-1: ab9b8c56fc7fda1210a5d4378a9279f326a6f585
    MD5: 05ff57ed1e25e0bb76e64bae1ac59246
    CRC-32: e922cc07
    File type: Unspecified binary - probably data
    First seen: 2015-01-07
  • c:\Documents and Settings\test user\Local Settings\Temp\NVtfeD.exe
  • c:\Documents and Settings\test user\Application Data\Ewvaek\oliz.exe
    Size: 21K
    SHA-1: f1151f34c42ef97143d5b9b25b13b6c725d96d1c
    MD5: 8823dc3db0cf57134bf5ece4b3356ddd
    CRC-32: f081d2f6
    File type: Windows executable
    First seen: 2015-01-07
  • c:\Documents and Settings\test user\Local Settings\Temp\BDlLQA
    Size: 5.9K
    SHA-1: 286a7fc564a8c2482a3df78285afd68dde3f0d4d
    MD5: 0118017ba9988367fd4cb1cf17d2d9c8
    CRC-32: 742e1674
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2015-01-07
  • c:\Documents and Settings\test user\Local Settings\Temp\Svchost.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\CSWWnT.exe
    Size: 103K
    SHA-1: 40af6d8ce97c5c09bc820a18eeb14469aaa6cf29
    MD5: a54f6d640439ef8165eb990f923747a3
    CRC-32: ce13bfd8
    File type: Windows executable
    First seen: 2015-01-07
  • c:\Documents and Settings\test user\Local Settings\Temp\OkEqCW.txt
    Size: 400K
    SHA-1: 2261f3c666d2497b2eded4ae066c195097bcc231
    MD5: 3d50493bf37f5954d34b366c868f8451
    CRC-32: 75c203fc
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2015-01-07
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Meroap
    Nyozna
    (binary data; value not printable)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {49C8BFCE-A4CC-EA24-52F4-32FC21A8EDED}
    "c:\Documents and Settings\test user\Application Data\Ewvaek\oliz.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    64 da e9 1e a3 2a d0 01
Processes Created
  • c:\Documents and Settings\test user\application data\ewvaek\oliz.exe
  • c:\docume~1\support\locals~1\temp\bdllqa.exe
  • c:\docume~1\support\locals~1\temp\rarsfx0\nvtfed.exe
  • c:\docume~1\support\locals~1\temp\svchost.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\taskkill.exe
HTTP Requests
  • http://reidascalhaserufos.com.br/canon/panel/config.bin
  • http://www.google.com/webhp
  • http://www.google.ie/webhp
DNS Requests
  • reidascalhaserufos.com.br
  • www.google.com
  • www.google.ie

Example 2

File Information

Size: 556K
SHA-1: 821f661665d75936c33ac75444e3a8f6ce729d20
MD5: ce45d14808c0d66bf1c4e9562b6dd852
CRC-32: dea8c427
File type: PK ZIP archive
First seen: 2015-01-07