Submission Summary:

What's been found: Contains characteristics of an identified security risk.
Severity Level:

 

Technical Details:

 

Possible Security Risk

Security Risk: Trojan-Spy.Bankject
Description: Trojan-Spy.Bankject injects extra HTML code into Internet banking web pages in order to steal passwords and credit card details. It also harvests e-mail addresses from the Windows Address Book and sends all of the stolen information to the attacker.

Threat Category: Virus
Description: A virus capable of modifying other files by infecting, prepending, or overwriting them with its own body.

 

File System Modifications

1. %Temp%\3582-490\[filename of the sample #1]
   File Size: 132,608 bytes
   MD5:       0xD4342FFE2F5B609ED161A2B7B223D335
   SHA-1:     0x27874337C83D920037C738C97B69368C12A7ABE4
   Alias:     (not available)

2. %Temp%\tmp5023.tmp
   File Size: 8 bytes
   MD5:       0x46FA5BA182FDD8B9D013932D5123F63A
   SHA-1:     0x83725ACB8C6E69D6F5F512B1FA8C70307AD766C1
   Alias:     (not available)

3. %Windir%\directx.sys
   File Size: 33 bytes
   MD5:       0xCF4C20A90A31F5E8DC1B9183788E5E23
   SHA-1:     0x3BD3FB2BD932745ACC7E1A6E46E8672E49551A6A
   Alias:     (not available)

4. %Windir%\svchost.com
   File Size: 41,472 bytes
   MD5:       0xAA962D6EC2961E8B1BA5739DDEB2E4B4
   SHA-1:     0xC5AED4AD464C5720010EF764247A36721048C72F
   Alias:     W32.Neshuta [Symantec]
              Virus.Win32.Neshta.a [Kaspersky Lab]
              W32/HLLP.41472.e [McAfee]
              PE_NESHTA.A-O [Trend Micro]
              W32/Bloat-A [Sophos]
              Virus:Win32/Neshta.A [Microsoft]
              Virus.Win32.Neshta [Ikarus]
              Win32/Neshta [AhnLab]

5. [file and pathname of the sample #1]
   File Size: 174,080 bytes
   MD5:       0x0CE4C0EB5409A41796FC23E8614D80A7
   SHA-1:     0xC0C3FCC984A84965E712B61F70CFD37F4BA55359
   Alias:     W32.Neshuta [Symantec]
              Virus.Win32.Neshta.a [Kaspersky Lab]
              W32/HLLP.41472.e [McAfee]
              PE_NESHTA.A [Trend Micro]
              W32/Bloat-A [Sophos]
              Virus:Win32/Neshta.A [Microsoft]
              Virus.Win32.Neshta [Ikarus]
              Win32/Neshta [AhnLab]
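The paths and hashes in the table above are the most reliable indicators on this page: every vendor alias identifies the written files as Win32/Neshta, whereas the "Possible Security Risk" section names Trojan-Spy.Bankject, so a practitioner should hunt on the file indicators rather than the label. The sizes in the table are also informative: %Windir%\svchost.com is 41,472 bytes, the copy dropped in %Temp%\3582-490\ is 132,608 bytes, and the submitted sample is 174,080 bytes; 41,472 + 132,608 = 174,080, which is consistent with a 41,472-byte viral body prepended to the original host program, the "prepending" behaviour named in the Threat Category above. The following Python script is an added example, not part of the ThreatExpert report: it transcribes the table's hashes (dropping the report's 0x prefix), matches a file against them, and shows how the host of a prepending infector can be carved off and verified against the dropped copy's hash. The function names, the `[sample]` placeholder keys, the prepending inference drawn from the sizes, and the demo data in the `__main__` block are this example's own assumptions.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Indicators transcribed from the "File System Modifications" table above.
# The report's "0x" prefix is dropped and digests are lowercase hex; the
# "[sample]" keys stand for the report's "[filename of the sample #1]" and
# "[file and pathname of the sample #1]" placeholders (example assumption).
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    r"%Temp%\3582-490\[sample]": {
        "md5": "d4342ffe2f5b609ed161a2b7b223d335",
        "sha1": "27874337c83d920037c738c97b69368c12a7abe4"},
    r"%Temp%\tmp5023.tmp": {
        "md5": "46fa5ba182fdd8b9d013932d5123f63a",
        "sha1": "83725acb8c6e69d6f5f512b1fa8c70307ad766c1"},
    r"%Windir%\directx.sys": {
        "md5": "cf4c20a90a31f5e8dc1b9183788e5e23",
        "sha1": "3bd3fb2bd932745acc7e1a6e46e8672e49551a6a"},
    r"%Windir%\svchost.com": {
        "md5": "aa962d6ec2961e8b1ba5739ddeb2e4b4",
        "sha1": "c5aed4ad464c5720010ef764247a36721048c72f"},
    "[sample]": {
        "md5": "0ce4c0eb5409a41796fc23e8614d80a7",
        "sha1": "c0c3fcc984a84965e712b61f70cfd37f4ba55359"},
}

# Sizes from the same table: %Windir%\svchost.com is 41,472 bytes, the copy
# dropped in %Temp%\3582-490\ is 132,608 bytes, the sample is 174,080 bytes.
# 41,472 + 132,608 = 174,080, consistent with a 41,472-byte viral body
# prepended to the original host program (an inference from the sizes, not a
# statement made by the report itself).
BODY_SIZE = 41472
BODY_MD5 = REPORT_IOCS[r"%Windir%\svchost.com"]["md5"]
HOST_MD5 = REPORT_IOCS[r"%Temp%\3582-490\[sample]"]["md5"]


def hashes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA-1 of a byte string as lowercase hex."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def match_ioc(data: bytes,
              iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> Optional[str]:
    """Return the report path whose MD5 and SHA-1 both match data, else None.
    Requiring both digests means a collision on one of them is not enough."""
    h = hashes(data)
    for path, ioc in iocs.items():
        if ioc["md5"] == h["md5"] and ioc["sha1"] == h["sha1"]:
            return path
    return None


def carve_prepended(data: bytes, body_size: int = BODY_SIZE,
                    body_md5: str = BODY_MD5) -> Tuple[bool, bytes]:
    """Split a suspected infected file into (body_matches, host).

    The first body_size bytes are taken as the viral body and hashed against
    body_md5; the remainder is the carved host. A file no longer than
    body_size cannot carry a prepended host, so it is returned unchanged with
    body_matches False.
    """
    if len(data) <= body_size:
        return False, data
    body, host = data[:body_size], data[body_size:]
    return hashlib.md5(body).hexdigest() == body_md5.lower(), host


def analyze(data: bytes, body_size: int = BODY_SIZE, body_md5: str = BODY_MD5,
            host_md5: Optional[str] = HOST_MD5) -> Dict[str, object]:
    """Classify a byte string against the report's indicators.

    'ioc' is the matching report path (or None); 'infected' is True when the
    leading block hashes to the known viral body; 'host_verified' is True when
    the carved host also hashes to host_md5, which for this sample is the
    digest the report gives for the copy dropped in %Temp%\\3582-490\\.
    """
    matches, host = carve_prepended(data, body_size, body_md5)
    verified = bool(matches and host_md5
                    and hashlib.md5(host).hexdigest() == host_md5.lower())
    return {"ioc": match_ioc(data), "infected": matches,
            "host_len": len(host) if matches else 0, "host_verified": verified}


def disinfect(data: bytes, body_size: int = BODY_SIZE,
              body_md5: str = BODY_MD5) -> Optional[bytes]:
    """Return the carved host only when the leading block is the known viral
    body; otherwise None, so bytes are never stripped from an unrelated file."""
    matches, host = carve_prepended(data, body_size, body_md5)
    return host if matches else None


def analyze_file(path: str, **kw) -> Dict[str, object]:
    """Read a file from disk and run analyze() on its contents."""
    with open(path, "rb") as f:
        return analyze(f.read(), **kw)


if __name__ == "__main__":
    # Constructed demo data: a fake 41,472-byte body and a fake host, hashed
    # here so the carve and verification paths run without the real sample.
    body = b"\x90" * BODY_SIZE
    host = b"MZ" + b"host program bytes " * 200
    result = analyze(body + host, body_md5=hashes(body)["md5"],
                     host_md5=hashes(host)["md5"])
    print(result)
```

On a live host, run `analyze_file` over the expanded %Windir% and %Temp% paths from the table and over any executable whose size is exactly 41,472 bytes larger than its known-good copy. `disinfect` deliberately refuses to strip bytes unless the leading block hashes to the recorded viral body; a wrong guess about the body length would otherwise silently corrupt a clean file.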

 

Memory Modifications

Process Name                  Process Filename                            Main Module Size
[filename of the sample #1]   [file and pathname of the sample #1]        110,592 bytes
svchost.com                   %Windir%\svchost.com                        110,592 bytes
VMEB23~1.EXE                  C:\PROGRA~1\VMware\VMWARE~1\VMEB23~1.EXE    90,112 bytes

Note: the third process runs from the VMware directory under C:\Program Files on the analysis machine; it is part of the sandbox environment and not a path to expect on other hosts.

 

Registry Modifications

 

Other details

Russian Federation

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2018 ThreatExpert. All rights reserved.