Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %Temp%\a.class 1,747 bytes MD5: 0x22093C4092196DF302272D78C5562EFB
SHA-1: 0xDAE95B4346CE70CCC8C6C1F270153028B8710516
Trojan Horse [Symantec]
Trojan-SMS.J2ME.Boxer.j [Kaspersky Lab]
Generic.dx!bars [McAfee]
Trojan-SMS [Ikarus]
2 %Temp%\aa.class 2,201 bytes MD5: 0x40EC36A7A5BD7DD4B258C81B4517D7B0
SHA-1: 0x652406C5F3A7C87B2F216CE677EA4FBA41100E0B
(not available)
3 %Temp%\ab.class 2,147 bytes MD5: 0x1AD589453DB11C85F40D6501E0A41AA0
SHA-1: 0x5841B11AC5F43507CDAB4F92A4B9DC4875EAD208
(not available)
4 %Temp%\ac.class 1,653 bytes MD5: 0xE833B75A44AB72FA7F4362E4692239DB
SHA-1: 0x8463AA815A30D0B4BF1B4828A8D9411EB30A95EE
(not available)
5 %Temp%\ad.class 315 bytes MD5: 0xF1E6E14DEA5587457C778C5E63E05A55
SHA-1: 0x3804833ED717EA5B6F8A96710DABCF6B7D3787C3
(not available)
6 %Temp%\ae.class 2,281 bytes MD5: 0x34F50334FABACF6953F36F9272B4990B
SHA-1: 0xBE63FDD320C140B24244DFCDA5E63361EB072851
(not available)
7 %Temp%\af.class 1,615 bytes MD5: 0xA29F37DD796F634EDB68B5F03615DFA6
SHA-1: 0x336C687853F2D954C08BD153656D79B6E612D2BE
(not available)
8 %Temp%\ag.class 1,161 bytes MD5: 0xA7046F2EB9B7DA8357C9FB47D6ACD61E
SHA-1: 0x4EFD3B948371F59FC117A275C2B800940A738939
(not available)
9 %Temp%\ah.class 1,184 bytes MD5: 0xB1110DCF26CB78AA9BB66089BA8FD1E3
SHA-1: 0x74382059E98F19F47C75BD0E992B22E61089D127
(not available)
10 %Temp%\ai.class 1,504 bytes MD5: 0xBEB6D852611D0DBE3ADA11094605C339
SHA-1: 0xB98A72ED438B2B8F3EE6D0D0D0BD76CFA35B1151
(not available)
11 %Temp%\aj.class 827 bytes MD5: 0x4A4D81C7420E30FB91E8195ABF0295AB
SHA-1: 0xC68AEA364F20433CBF3FC81414329F54E7657C97
(not available)
12 %Temp%\ak.class 1,322 bytes MD5: 0xCC585FC63DFF7E6E52BCF91368249C42
SHA-1: 0x9284F5D9002E8422BF95702ECA28932AE7E2D302
(not available)
13 %Temp%\al.class 2,591 bytes MD5: 0x200BC53757ECE01B88351228E205F4FD
SHA-1: 0x48B9FAA1A6E29326D4AD2EB6480F34D472BA68CF
(not available)
14 %Temp%\album.png 414 bytes MD5: 0xDA4EFB9D90C27E01D545330997FFB2C7
SHA-1: 0x53EF19D4312ED6E95A4D65492CCC5ADAEF54A7F0
(not available)
15 %Temp%\am.class 1,260 bytes MD5: 0xC976C0AD927B42AC276232F4D680476F
SHA-1: 0x9EE41A860BCA255957AC5ECE3826179DAFBC8642
(not available)
16 %Temp%\an.class 1,785 bytes MD5: 0xEA11DACCC8B8FA42F3B2595A3434EB1B
SHA-1: 0xDB56B06DD6FD2059454D7D9EB7B46A33D2DFB4FD
(not available)
17 %Temp%\ao.class 1,170 bytes MD5: 0xDA30EE04A7490D5DEAD329E3A4006BD6
SHA-1: 0x29C9515D57174E9BE19543B1A4F52C34E8C83171
(not available)
18 %Temp%\ap.class 509 bytes MD5: 0x8E131F283DC725766AC4CA932E8DED4F
SHA-1: 0x706B59D2F1B6E9BE0B6B9431165E946EBDA11778
(not available)
19 %Temp%\aq.class 2,494 bytes MD5: 0xBF1AE38203E9D21F31707954A8AF814B
SHA-1: 0x26A2E57B7217D2E8FAC6B06A029743D7D56E3BF1
(not available)
20 %Temp%\ar.class 1,337 bytes MD5: 0x79A4AEC65F6A6618440B00E4E350D5FD
SHA-1: 0xD02813A01ABE78B7BCA7F0E014BA46C4A5CC9680
(not available)
21 %Temp%\as.class 1,635 bytes MD5: 0xB11803080DC9EB5F5F853E1F750A1629
SHA-1: 0x9DC420C95824F3A383806639F4FF10D9226F3677
(not available)
22 %Temp%\at.class 952 bytes MD5: 0xC3F13AF286EA4AE61F311EB6DFE6F58F
SHA-1: 0x491848235CC93DBAF608C5A54272B58EC108CC43
(not available)
23 %Temp%\au.class 545 bytes MD5: 0xDAE5E3EE7606011AA2A0AA3FD0942B3C
SHA-1: 0x34FAB2B93E9215603DC7E16700668A5B688BD875
(not available)
24 %Temp%\av.class 959 bytes MD5: 0xF62138C7509CAE8DF94722BD2CE5AADB
SHA-1: 0xFAF528355FBB1675DB42E6659718954CC909753E
(not available)
25 %Temp%\aw.class 775 bytes MD5: 0xD4417D0D5BBAB02C40CA8FAEEFC0DAF3
SHA-1: 0x30900F06A5106A71A448E614CB3C95B2669DD2EC
(not available)
26 %Temp%\ax.class 278 bytes MD5: 0x68059DCBD2BC4BDFC265D823CAEF19C6
SHA-1: 0xF0F4CF4CCF119442080A7F1BC733C22DCE805A0A
(not available)
27 %Temp%\b.class 687 bytes MD5: 0xB3F145E0B2B3B3F93003958850259550
SHA-1: 0xD850B03F30B8BEE9035E5646C124B820EC8738DA
(not available)
28 %Temp%\c.class 3,031 bytes MD5: 0x9118CA10F3A149A8402757EFC2B0DC80
SHA-1: 0x9D9198C2CC927B10504475D0E525DE8735AA52E2
(not available)
29 %Temp%\camera.png 1,202 bytes MD5: 0xF939435A3A9BA52964CC37FD89010A36
SHA-1: 0x053F9FA1404E1F76B8B1ECB36D64A66EB50A51B5
(not available)
30 %Temp%\com\tmptmp\facebook\.#FacebookDao.java.1.4 2,905 bytes MD5: 0x1A057A218DF33ADB7756DDED9DEE3A5E
SHA-1: 0xF0DB2EBDBA54057F735552C42A19144457E33E7E
(not available)
31 %Temp%\d.class 2,056 bytes MD5: 0xC3EC65486573093C10577C56AC600678
SHA-1: 0xE3990730468822DB994D275684D9176E87EF3772
(not available)
32 %Temp%\e.class 119 bytes MD5: 0xD202BE39B6C989943FD0A6E9A4A4D47A
SHA-1: 0x1882B5A7F4B9FF2B1F280AFD891415463994D4D4
(not available)
33 %Temp%\f.class 465 bytes MD5: 0x974B2D7C850A0956968CD10D9E5C1398
SHA-1: 0x594DE7260879061C745E8FF579592A4A23F02AA3
(not available)
34 %Temp%\FBMidlet.class 967 bytes MD5: 0xE62F82DAD92B39D695E93C77CFAA1605
SHA-1: 0x70A306F5886D687BC4F016B69F6132348004E114
(not available)
35 %Temp%\friend.png 383 bytes MD5: 0x2876FFC49DB0928A4C812162AECC660E
SHA-1: 0x18198D1B8123785F9EC85D01442A6D03097628ED
(not available)
36 %Temp%\g.class 1,252 bytes MD5: 0x4A00ED7DFBF98CD938C84B036BBD32AD
SHA-1: 0x3F9F77F9181413239A53E0BDA2CEFD1F3355C02A
(not available)
37 %Temp%\h.class 1,581 bytes MD5: 0xDED303AF4A654BD3CA26096018FD3A84
SHA-1: 0xCF3B6338F569916F453B29EAF56B770151EA94E8
(not available)
38 %Temp%\i.class 1,203 bytes MD5: 0x40CA84B7E89EE8D0F9287ADAAD92C96D
SHA-1: 0x95140140A6F9476A14D08A1833577E68ACC2D23C
(not available)
39 %Temp%\icon.png 508 bytes MD5: 0x27F43B77BB830476E0C0A3390824B862
SHA-1: 0xF9408BAC3D883254A65C5B6CD17C5C54E04FEE44
(not available)
40 %Temp%\inbox.png 440 bytes MD5: 0xC2C5F618392861E2F50A9EE01637C2C3
SHA-1: 0xC8E22FEBE6FB6EE98D1D688FFB352D551114F7C6
(not available)
41 %Temp%\j.class 1,420 bytes MD5: 0xBFA8EB1638B2DEA61A225FE9769299A3
SHA-1: 0xC780DB1E206F58C855D35CFCFE1E1BDB1A3AD8C3
(not available)
42 %Temp%\k.class 2,548 bytes MD5: 0x2AB0DB0360B4288DC629AFF92DDDD206
SHA-1: 0xE113F4C3A1F556E6E910C8E980D5369E7D559FA1
(not available)
43 %Temp%\l.class 1,887 bytes MD5: 0x9C50A06BF5F0F78AE81C2239F347DE12
SHA-1: 0x725236280A91A476EEFBB9AE5274F25DDA4BE668
(not available)
44 %Temp%\logo.png 443 bytes MD5: 0x79198922523ACE82DC9B34303F215B76
SHA-1: 0x9DD1929B76D0A5395DE466BFD5E320F08B7A657A
(not available)
45 %Temp%\m.class 1,917 bytes MD5: 0x35B67D3AB8FC328B481CA22E745F3AC0
SHA-1: 0x998D4295A09DA143985D7BE39EE7CA3EC71B2F67
(not available)
46 %Temp%\MANIFEST.MF
%Temp%\META-INF\MANIFEST.MF
775 bytes MD5: 0x378E69292C3BF1769262FB2EC5FC9AA2
SHA-1: 0x7007BE2B237069995C9831F2AE2E277E8B6218BE
(not available)
47 %Temp%\mtek.png 2,700 bytes MD5: 0xD362846F4FAF97945572DAE8126CF40C
SHA-1: 0x44BE4C1147557C1B5F60F364782B854EF6566341
(not available)
48 %Temp%\n.class 1,633 bytes MD5: 0x7FA710DD0656C000B3A38EA308A58AF9
SHA-1: 0x76D13714C9C893E75420075C7EB307F4FB3EDDA0
(not available)
49 %Temp%\newsfeed.png 516 bytes MD5: 0xA50309A4A654898FC89AE23C3A0C970B
SHA-1: 0x6C02CBFDC797CCDA4E7E542F893E98767B8B3C70
(not available)
50 %Temp%\o.class 1,198 bytes MD5: 0x8EAC01E46F494B357264B5E7B5139781
SHA-1: 0x676C0FC6FFFC8D7332AC2310DA8C5E25F84CFB78
(not available)
51 %Temp%\p.class 1,098 bytes MD5: 0xC53420C3819B735EDC04A700F3DECB5B
SHA-1: 0x609FC18D775669949FC364E014B86A8D0BE432B3
(not available)
52 %Temp%\poke.png 476 bytes MD5: 0xF931AD48C5D8A433DCA9F47B71EE4635
SHA-1: 0xD3775F96B7F51E0FE5FDEB4551C11405FE3E7AFD
(not available)
53 %Temp%\profile.png 556 bytes MD5: 0x9ED867BC2774012E3E21214229B6C3F5
SHA-1: 0x859A98B5B465BC2EF4D068BA984DBC2576AF2D43
(not available)
54 %Temp%\q.class 1,198 bytes MD5: 0xC2204F52639D093EFC80A7AAA27B1B7D
SHA-1: 0x61D4D9384C3CBE3234379D6B340B9CE1C9DE5B42
(not available)
55 %Temp%\r.class 29,817 bytes MD5: 0xE95FDE02AD192B36DEDC5703D69256F9
SHA-1: 0x66532E068D2906DEFAE1D8D7A13A85A9EBE0A21A
(not available)
56 %Temp%\s.class 1,098 bytes MD5: 0xA25569C9C379DDB3393CD77D136C03E1
SHA-1: 0x75A684544CE53D11F78A3A65EE8FC8B2559032F5
(not available)
57 %Temp%\SmsBox.class 2,621 bytes MD5: 0x87A0DAF103C93C56B9202A8D30B994B3
SHA-1: 0xAA29261D294BFEB99A5BF6E707325E45FC5D92D4
Trojan.Gen.2 [Symantec]
Trojan-SMS.J2ME.Boxer.c [Kaspersky Lab]
Trojan-SMS [Ikarus]
58 %Temp%\splash.png 2,891 bytes MD5: 0xCF7479DB67E46F834158FB3EE171BD27
SHA-1: 0xB0046FB07C6A001787F8CB2FD7F299C57E16889E
(not available)
59 %Temp%\t.class 851 bytes MD5: 0x0F91FC9AB9ACC14A3EB552106C8FF840
SHA-1: 0x4F68AF0D543776192F50DB5A4A09F98D3AF8ED9F
(not available)
60 %Temp%\tagged.png 408 bytes MD5: 0x88FAD66DFFE9401794F21E6F32147D13
SHA-1: 0xE20A8F77A383D8AC81281BA259C6B9698515672F
(not available)
61 %Temp%\u.class 1,844 bytes MD5: 0x5AE19DACED77740D34505FCF371DB307
SHA-1: 0x09CBA06AB3A5EE5ECC6478B5FCC052DDC3029E03
(not available)
62 %Temp%\update.png 338 bytes MD5: 0x7F2568BCBE8AAF0345C5BDB41F4808C1
SHA-1: 0xB5BE09232D3D7D293D9370E8601D26750BEDD0A3
(not available)
63 %Temp%\v.class 1,568 bytes MD5: 0x9011E53624C3E2E9ECE13401173E0E26
SHA-1: 0x844F7121218C160665575384AA52A4A30CC75C99
(not available)
64 %Temp%\w.class 1,315 bytes MD5: 0xACDF28152EDB541173BB493CBD7CE5D2
SHA-1: 0x822B70699528891D24FE2E5885C270B1AD7DF2F9
(not available)
65 %Temp%\wall.png 365 bytes MD5: 0x137BF05EE7067960B6BBBD631AB255D9
SHA-1: 0xE585065BDD07FD0C4BCE63BEA9BDDDDF394E05A4
(not available)
66 %Temp%\x.class 1,213 bytes MD5: 0x5894B5D41127FD31253535BE28535D36
SHA-1: 0x961C890C749C582A31E8132E88CD41E2C7C442ED
(not available)
67 %Temp%\y.class 829 bytes MD5: 0x97C57F055450D975471931488A6E40F1
SHA-1: 0x7C4946E8692A0A42CEC258B32EAAAA7FCB31C1EA
(not available)
68 %Temp%\z.class 956 bytes MD5: 0x0D785B4E7024F170ABBFEB368CEE187B
SHA-1: 0x968FAE8675DB495A3A7ECB41BFDFCB26184778DD
(not available)
69 [file and pathname of the sample #1] 65,369 bytes MD5: 0x11454FBFA403F799CF4B39B674F63A9D
SHA-1: 0x82E7FF7E5EC7B7FC731DBA9ACC06BD38018C64C7
Trojan-SMS.J2ME.Boxer.j, Trojan-SMS.J2ME.Boxer.c [Kaspersky Lab]
Trojan-SMS [Ikarus]

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2013 ThreatExpert. All rights reserved.