ThreatExpert Report: Worm.Win32.VBNA.d, Worm.Win32.VBNA, Trojan.Gen.2, Backdoor.Win32.Curioso.cbt..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 22 September 2012, 10:20:48
Processing time: 8 min 10 sec
Submitted sample:

File MD5: 0x2C0D35E3ED31287E9849A2FF35198CD5
File SHA-1: 0x288555924AA12EF26E5E59BDF4411F4B08C5F667
Filesize: 3,776,221 bytes
Alias:

Worm.Win32.VBNA.d [Kaspersky Lab]
Worm.Win32.VBNA [Ikarus]

Technical Details:

Possible Security Risk

Attention! The following threat categories were identified:

Threat Category	Description
	A malicious backdoor trojan that runs in the background and allows remote access to the compromised system
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
	A network-aware worm that attempts to replicate across the existing network(s)

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\405e1a235f4d3730178facbfcb9cf8ca_a7bcc1a4-f7a4-4502-8650-8579e607f7f7	2,042 bytes	MD5: 0x48C2259D25E903B3811F6D445B90265F SHA-1: 0xD9FE5A911CB69B3060E9C3A6C8A2FD9D1266DADF	(not available)
2	%AppData%\Microsoft\Crypto\RSA\S-1-5-21-606747145-764733703-839522115-1003\c0528c2346cb928a9052304ef3ab8fd4_a7bcc1a4-f7a4-4502-8650-8579e607f7f7	2,045 bytes	MD5: 0x3D98E1AC19B3C9D6D540831812ABB4BC SHA-1: 0x2B7FB67CDE315D5CE3855FDAD5B98D2D3816AC3E	(not available)
3	%Temp%\Bindeado.exe	3,333,788 bytes	MD5: 0xE9603E6818A28E3B4E8CB1489D93E97B SHA-1: 0x1DD026CAC9ACC19DC432307A6A6F895FD3EF7E1D	Trojan.Gen.2 [Symantec] Backdoor.Win32.Curioso.cbt [Kaspersky Lab] Trojan-Spy.Gen2 [Ikarus]
4	%Temp%\Bindeado2.exe	331,776 bytes	MD5: 0x729F90F7751B2B11B8E16EDCDC48FDAA SHA-1: 0x76078ACC69B09C0ADCC5A454320250519B629B76	Trojan.Gen [Symantec] Trojan.Win32.VBKrypt.mgpo [Kaspersky Lab] Worm:Win32/Rebhip.A [Microsoft] Trojan-Downloader.Win32.Anedl [Ikarus]
5	[file and pathname of the sample #1]	3,776,221 bytes	MD5: 0x2C0D35E3ED31287E9849A2FF35198CD5 SHA-1: 0x288555924AA12EF26E5E59BDF4411F4B08C5F667	Worm.Win32.VBNA.d [Kaspersky Lab] Worm.Win32.VBNA [Ikarus]

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
bindeado2.exe	%Temp%\bindeado2.exe	356,352 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	110,592 bytes

Registry Modifications

The following Registry Key was created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yb1614731659c.nny

The newly created Registry Value is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yb1614731659c.nny]

(Default) = 30 36 0B 00 00 00 00 00 68 38 C7 D5 CD 1A E4 40

Other details

To mark the presence in the system, the following Mutex objects were created:

_x_X_UPDATE_X_x_
_x_X_PASSWORDLIST_X_x_
_x_X_BLOCKMOUSE_X_x_

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.