ThreatExpert Report: Possible_Virus, Win32.SuspectCrc

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 5 October 2012, 23:52:06
Processing time: 8 min 6 sec
Submitted sample:

File MD5: 0x15EFAC243871FDC3A55D41D5A67CDD54
File SHA-1: 0xC6E90371582D3D97AEDD1958504FA8D9755ED1FA
Filesize: 68,608 bytes
Alias & packer info:

Possible_Virus [Trend Micro]
Win32.SuspectCrc [Ikarus]
packed with: UPX [Kaspersky Lab]

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.

Technical Details:

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%FontsDir%\qdvd.dll	305 bytes	MD5: 0x595082C1F340809FC297897CACAC4F90 SHA-1: 0x33513FB2CD115D918583CD88AC1CF96B1181670C	(not available)
2	[file and pathname of the sample #1]	68,608 bytes	MD5: 0x15EFAC243871FDC3A55D41D5A67CDD54 SHA-1: 0xC6E90371582D3D97AEDD1958504FA8D9755ED1FA	Possible_Virus [Trend Micro] Win32.SuspectCrc [Ikarus] packed with UPX [Kaspersky Lab]

Note:

%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[generic host process]	[generic host process filename]	45,056 bytes

Notes:

[generic host process filename] is a full path filename of [generic host process].

Other details

Analysis of the file resources indicate the following possible country of origin:

Brazil

The following Host Names were requested from a host database:

192.5.5.241
newgordolindo2012.com

The following HTTP URL was started reading:

http://newgordolindo2012.com/tmp/wucps.js

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.