Submission Summary:

• Submission details:
• Submission received: 25 October 2012, 15:46:37
• Processing time: 10 min 30 sec
• Submitted sample:
• File MD5: 0x4E495EC8BEC791A820C725F8000E1326
• File SHA-1: 0x253B1577C5C9B411C0235D000CD84A44C41C6EA0
• Filesize: 786,957 bytes
• Alias:
• Trojan.Win32.Inject.eipm [Kaspersky Lab]
• Generic BackDoor.abu [McAfee]
• Trojan.Win32.Inject [Ikarus]

• Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

• Attention! The following threat category was identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

• The following file was created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\2.tmp	786,957 bytes	MD5: 0x4E495EC8BEC791A820C725F8000E1326 SHA-1: 0x253B1577C5C9B411C0235D000CD84A44C41C6EA0	Trojan.Win32.Inject.eipm [Kaspersky Lab] Generic BackDoor.abu [McAfee] Trojan.Win32.Inject [Ikarus]

• Note:
• %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

• There was a new process created in the system:

Other details

• The following Host Name was requested from a host database:
• 94.23.116.81

• The following HTTP URL was started reading:
• http://report.wsku5555k5yws5e.com/?3cE9a20 =%96%96%A7%A6%A6%A8d%AC%AC%CC%D9%9B%97%9Bk%CD%98%D C%AD%A4i%95%93%9A%D4%9Df%C6wl%95%95g%98%DC%E6%AC%E 9%EA%86%C7%99%E0%DE%99rjl%A3n%9F%E3%E1%9C%A2%93%D1 %9C%C2%86%89%B2%A2%C5oe%A4%96%A4%A5%A8%B8p%B8%B8%A..