| What's been found | Severity Level |
| Contains characteristics of an identified security risk. | |

Possible Security Risk

| Threat Category | Description |
| | A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment |

File System Modifications
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\sinowal10_+20120728-20 | 49,664 bytes | MD5: 0x16404A90F200825521EE5B64FC64DB76 SHA-1: 0x15E7254F21D3EAA60A3A7FA797E56EC86A5AE632 |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 2 | %Temp%\sinowal10_+20120729-00 | 48,640 bytes | MD5: 0xC3284A878F281DBC75042C1878901B2A SHA-1: 0xE0E61DFFDF1890CF9A585EA1C053413EB5A25672 |
Mal/EncPk-AFH [Sophos] |
| 3 | %Temp%\sinowal10_+20120729-08 | 50,688 bytes | MD5: 0xC49BB4294E188E5360DB5F3786010CBB SHA-1: 0x3E0CB6BF74E5DA851CF4708768F66BD33B883253 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 4 | %Temp%\sinowal10_+20120729-16 | 48,640 bytes | MD5: 0xB13124545FFBB249090D66057FF861FF SHA-1: 0x5A66D9E949A37851950EAE9EE42D567C554AF72F |
Mal/EncPk-AFH [Sophos] |
| 5 | %Temp%\sinowal10_+20120730-05 | 50,688 bytes | MD5: 0xFB431EE6E4E9BEEBCB433FA3518ED85D SHA-1: 0x728AD4E36FEB018E725BA8F04C8C1C5D27CCDA8B |
Mal/EncPk-AFH [Sophos] |
| 6 | %Temp%\sinowal10_+20120730-06 | 52,224 bytes | MD5: 0x9E02631AD9FE82531D1D610A1AC74113 SHA-1: 0x7612084EB4402C17B7814CC13F11C7C6373C0C4E |
Mal/EncPk-AFH [Sophos] |
| 7 | %Temp%\sinowal10_+20120730-12 | 49,152 bytes | MD5: 0xB4649C50A69FDBC6A34904589F3C267B SHA-1: 0xBDC6C535FD13AE6C5E2B5589B2D95A5D78C4876E |
Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 8 | %Temp%\sinowal10_+20120730-15 | 51,712 bytes | MD5: 0x32716FCEDB69A2F3B124EBCA2678124D SHA-1: 0x181BF89C8BCB0E4577C4B7AF41E2C00D0904C64B |
Mal/EncPk-AFH [Sophos] |
| 9 | %Temp%\sinowal11_+20120728-23 | 50,176 bytes | MD5: 0xCC26AEAEF6CE22B005ABECA721BA0B83 SHA-1: 0x567EC3FCFB0C0D84EA1BC62CAFE80CDB0AC29304 |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 10 | %Temp%\sinowal11_+20120729-05 | 51,712 bytes | MD5: 0x4FAA9224D37CDAB80066C2C49C4CEEA1 SHA-1: 0x05FAE8DC2111ADE4802DD5D22C18C8CA411F2C74 |
Mal/EncPk-AFH [Sophos] |
| 11 | %Temp%\sinowal11_+20120729-09 | 50,176 bytes | MD5: 0x0F76706B8BEBB7082B2786D8C524C979 SHA-1: 0x2C63D0236C61E9C04A593027ED90920EEC25BEE6 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 12 | %Temp%\sinowal11_+20120729-15 | 47,104 bytes | MD5: 0x27BBAE961BA0925543CA6FAAE8311C42 SHA-1: 0x1720E47F9F864433BADB49A88991F54D4ABDA2AB |
Mal/EncPk-AFH [Sophos] |
| 13 | %Temp%\sinowal11_+20120730-05 | 49,664 bytes | MD5: 0xB3EBE202081B0A96D84D4A966C17078C SHA-1: 0x244E1903A2C8BF4387057A36DD4DD1EF22725E9A |
Mal/EncPk-AFH [Sophos] |
| 14 | %Temp%\sinowal11_+20120730-09 | 51,200 bytes | MD5: 0x441B33567099EC057DF074F6EC1A8FE6 SHA-1: 0xC8DC91683AD074F0E0F39B27A77AF81B32A2E41A |
Mal/EncPk-AFH [Sophos] |
| 15 | %Temp%\sinowal11_+20120730-12 | 49,664 bytes | MD5: 0x040B8C4755CD3B0C167701DA207D8C18 SHA-1: 0x668570826359343CCC4863FEE2532403732AF931 |
Mal/EncPk-AFH [Sophos] |
| 16 | %Temp%\sinowal11_+20120730-15 | 52,224 bytes | MD5: 0x2F1F5E25A58046DD2B278A26AE985849 SHA-1: 0x06F4633349D3C57FDE96D8ABACAAF290C23F1571 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 17 | %Temp%\sinowal11_+20120730-16 | 16,032 bytes | MD5: 0x3C0DAA4883FC14C80DA8DF85E28EEF15 SHA-1: 0xD027CF2C847FFBD30087A52EC1D1C7E14BB2F740 |
(not available) |
| 18 | %Temp%\sinowal12_+20120730-04 | 77,233 bytes | MD5: 0xCE77A89D7E9E0F47512A51B724807494 SHA-1: 0x6946E087EC403BDE247CCAFA66A574AD1C1E8A9E |
Troj/EncProc-I [Sophos] |
| 19 | %Temp%\sinowal12_+20120730-09 | 77,233 bytes | MD5: 0x9EE29A8B405A100D5ED159BF785FE566 SHA-1: 0x5F27889D93809E9B65B6C13EBFB77ACF6977EB68 |
Troj/EncProc-I [Sophos] |
| 20 | %Temp%\sinowal12_+20120730-14 | 77,233 bytes | MD5: 0x743FCDF56D53934295A75D10833A1E8A SHA-1: 0xB242FCBD787C065CF2CFCE986B25E0F913CDED42 |
Troj/EncProc-I [Sophos] |
| 21 | %Temp%\sinowal12_+20120730-16 | 77,233 bytes | MD5: 0xE110095E2C609BCA320F32A563851A43 SHA-1: 0xA3FCAE8F927A310DB704186C6F4DD6E461364184 |
Troj/EncProc-I [Sophos] |
| 22 | %Temp%\sinowal3_+20120728-19 | 52,736 bytes | MD5: 0x6EB4501E793A83A2897FBAB636DEEDD4 SHA-1: 0x6F4D0A5AE3C57EC5F37D5A55ED083B614FE2B0E0 |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 23 | %Temp%\sinowal3_+20120729-04 | 49,664 bytes | MD5: 0x9A767FD425A4E45E19D37A0CDEE46C45 SHA-1: 0x24A9A9C8B82AB19BBF86E101015D7CFA9BD26E73 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 24 | %Temp%\sinowal3_+20120729-09 | 46,592 bytes | MD5: 0xE4C4945B0869B7BD53E2FDF2E61CA499 SHA-1: 0xAF657CC858FFC3AEF02CFDF1176704AA14ECFA70 |
Mal/EncPk-AFH [Sophos] |
| 25 | %Temp%\sinowal3_+20120729-16 | 50,688 bytes | MD5: 0x71F1D6714E8C1CDD8FF2A21020368431 SHA-1: 0xCEFAAE0A45214EFC7E85B82E9F5E8E2E1A4234CE |
Mal/EncPk-AFH [Sophos] |
| 26 | %Temp%\sinowal3_+20120730-04 | 50,176 bytes | MD5: 0x44E95CA365B26C21549BAC0EC8FE0A56 SHA-1: 0x86F564988705B44765964D1954A8096B811F29C0 |
Mal/EncPk-AFH [Sophos] |
| 27 | %Temp%\sinowal3_+20120730-09 | 50,688 bytes | MD5: 0x5C66A2EF937FE225AF815100926A5028 SHA-1: 0xA057AD247E611A2FE478143E3617F5E112239290 |
Mal/EncPk-AFH [Sophos] |
| 28 | %Temp%\sinowal3_+20120730-13 | 51,200 bytes | MD5: 0x2C48A810C4FACDCBDB1B52DA3E3CA12B SHA-1: 0x530351F6A6C3B7422C27005CDDA4CB3E8B2F4177 |
Mal/EncPk-AFH [Sophos] |
| 29 | %Temp%\sinowal3_+20120730-17 | 50,688 bytes | MD5: 0x0C8E345B0CE8C0019940751D9686B1E1 SHA-1: 0x43A322BADCBB1D0CBDB1C173FA8A5091B67CDAF2 |
Mal/EncPk-AFH [Sophos] |
| 30 | %Temp%\sinowal4_+20120728-21 | 50,176 bytes | MD5: 0xBA9C3C2681A194C3DACCE2875DB38DCD SHA-1: 0x4BC57CD3C6A6B94BC8072DD83B2B37134F723F84 |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 31 | %Temp%\sinowal4_+20120729-02 | 16,032 bytes | MD5: 0x9C497513C6D4850904EEF06E3ED6CE90 SHA-1: 0x96407C38460E26A748D881E36251CB17988C8CB3 |
(not available) |
| 32 | %Temp%\sinowal4_+20120729-05 | 51,200 bytes | MD5: 0xDAFA2F0FF959979F738281C9F485F818 SHA-1: 0x8C866214E20EE675910CD48E0AF13F4E577E4B88 |
Mal/EncPk-AFH [Sophos] |
| 33 | %Temp%\sinowal4_+20120729-11 | 51,712 bytes | MD5: 0x9C92AF47CE19E9D4179AE1F7CFD2B8F8 SHA-1: 0x02B1665001E75C4CD854061B7988A510A61E477F |
Mal/EncPk-AFH [Sophos] |
| 34 | %Temp%\sinowal4_+20120729-15 | 52,224 bytes | MD5: 0xFDB4715F30EAAD491AB8DC83E3D1AC3D SHA-1: 0x55F0A6D3D3AD327C066CBBCD74CE93C2CECF0BB1 |
Mal/EncPk-AFH [Sophos] Trojan-PWS.Win32.Sinowal [Ikarus] |
| 35 | %Temp%\sinowal4_+20120730-05 | 48,128 bytes | MD5: 0x56664967A9BF3AD7CADAB3EDD81DCC92 SHA-1: 0xDEFCCC6017310A5C28A717817724EB7A36F124C4 |
Mal/EncPk-AFH [Sophos] |
| 36 | %Temp%\sinowal4_+20120730-08 | 47,616 bytes | MD5: 0x3A2E171F8D40502DB922036BF3101117 SHA-1: 0x09E94C2B093BD97A0169F2CD02D0329E5DFE49D0 |
Mal/EncPk-AFH [Sophos] |
| 37 | %Temp%\sinowal4_+20120730-13 | 50,688 bytes | MD5: 0x9A332C7ED22C5F94D54002512F2CF203 SHA-1: 0xF4C8E7428D9F67AC3B4A380FF2F619787953368B |
Mal/EncPk-AFH [Sophos] |
| 38 | %Temp%\sinowal4_+20120730-15 | 51,200 bytes | MD5: 0x68FCEE2EE721D618CBF272B257016564 SHA-1: 0xB4EBEB6C87DDBCF910CBC29F443B3BA15AE2C925 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 39 | %Temp%\sinowal5_+20120728-21 | 50,176 bytes | MD5: 0xD9DF4AD0E97E0C379819DE2195831C4D SHA-1: 0x6B38CB7ABC7BACBBD4F02F61EC36967317E92DDC |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 40 | %Temp%\sinowal5_+20120729-01 | 51,200 bytes | MD5: 0xCD2200B312CF7C53116717B61042236C SHA-1: 0xC5737F5D087F715B4CAB695D9103929252565B7C |
Mal/EncPk-AFH [Sophos] Trojan-PWS.Win32.Sinowal [Ikarus] |
| 41 | %Temp%\sinowal5_+20120729-06 | 52,224 bytes | MD5: 0x4805A72B3A70CB62EA4BE1D0BB4D4ED6 SHA-1: 0x714A1E6FCCED3B54ED0793C64D59460417284246 |
Mal/EncPk-AFH [Sophos] |
| 42 | %Temp%\sinowal5_+20120729-16 | 48,640 bytes | MD5: 0x37C8C6B167E912F24F22418BC779720F SHA-1: 0x22D3F34D8F0F4697F2DB3AA232F2B5C41FAE48CA |
Mal/EncPk-AFH [Sophos] |
| 43 | %Temp%\sinowal5_+20120730-05 | 49,152 bytes | MD5: 0x44C102BFBD4BF9FE16E8E2CF84346AFF SHA-1: 0x84029872310314052106D714FD49FB0F7E56A729 |
Mal/EncPk-AFH [Sophos] |
| 44 | %Temp%\sinowal5_+20120730-10 | 50,176 bytes | MD5: 0x9D1091E0E852A245718B2A3ED9F675AA SHA-1: 0x1F24F5E5425A239D4528372C0F4C5FE1CAC20D16 |
Mal/EncPk-AFH [Sophos] |
| 45 | %Temp%\sinowal5_+20120730-13 | 50,176 bytes | MD5: 0x991B1A2D1ADF76AF2FCA2D7633156DA4 SHA-1: 0xBA0CB3E7D58A5AF5D2C16696A91EE1429FFC1076 |
Mal/EncPk-AFH [Sophos] |
| 46 | %Temp%\sinowal5_+20120730-16 | 51,200 bytes | MD5: 0x42259A4D6389C50A1EFAA958484BF5B6 SHA-1: 0x88467228734C7C9824E9D2FBE605113FA07B6D8E |
Mal/EncPk-AFH [Sophos] |
| 47 | %Temp%\sinowal6_+20120729-02 | 16,032 bytes | MD5: 0x08822E5AAE2F74841E7E74D6F5CBA3F1 SHA-1: 0x49751A488A78E4B37A5E7095B6527DDBC38F8520 |
(not available) |
| 48 | %Temp%\sinowal6_+20120729-04 | 51,200 bytes | MD5: 0x70A2213B8CDF149A90E6D00F31CD806F SHA-1: 0xE0B27A93D740C0A072994797AF4261474D0FF103 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 49 | %Temp%\sinowal6_+20120729-10 | 50,688 bytes | MD5: 0xE6301A9727C033E37162A724C7385629 SHA-1: 0xA4CA47D8CE45D0293F5A4DE0C465DE770CA7224F |
Mal/EncPk-AFH [Sophos] |
| 50 | %Temp%\sinowal6_+20120729-12 | 50,688 bytes | MD5: 0x92B59620F55C860A8F33CA119EF8D28E SHA-1: 0x357FD19A988024AA4C7228A380DAE38059F8D063 |
Mal/EncPk-AFH [Sophos] |
| 51 | %Temp%\sinowal6_+20120730-04 | 53,760 bytes | MD5: 0xE837A7F8687208F8A41DF04BAC3FD933 SHA-1: 0x13E5814ECA95EAB157BE32C65A7134D698F374F5 |
Mal/EncPk-AFH [Sophos] |
| 52 | %Temp%\sinowal6_+20120730-07 | 50,688 bytes | MD5: 0x3E19D4C0243FBEEB46A26F834C4ED141 SHA-1: 0x127816C0183DB8DBCD32C3458C351316E75429AA |
Mal/EncPk-AFH [Sophos] |
| 53 | %Temp%\sinowal6_+20120730-13 | 50,176 bytes | MD5: 0x8513BBD8CB25DE4BB5FDD99ED5A24AA0 SHA-1: 0xC190EC0AE6CB3F7E16BA035D3E4DCB48A26FE390 |
Mal/EncPk-AFH [Sophos] |
| 54 | %Temp%\sinowal6_+20120730-16 | 49,152 bytes | MD5: 0x5926B5C9EDBB3C0FA1898817483E220F SHA-1: 0x452AA4C6C1B59BA11ED607BDF696393DA50A1DF1 |
Mal/EncPk-AFH [Sophos] |
| 55 | %Temp%\sinowal7_+20120728-20 | 52,224 bytes | MD5: 0xCB4DB2A3EAD1BEA371185BBA01EF825E SHA-1: 0xBE7C2A712206975EFEA598D1C799DFBCA661D46D |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 56 | %Temp%\sinowal7_+20120729-04 | 52,736 bytes | MD5: 0x406557E5EDFAC6040368CA99EB922705 SHA-1: 0xECD1F358BCB65B665F64C991965623FE496514FC |
Mal/EncPk-AFH [Sophos] |
| 57 | %Temp%\sinowal7_+20120729-06 | 52,736 bytes | MD5: 0xF7E28B5F5105A48BF6C1DD9AED77A41D SHA-1: 0x2499242152643AE2BEBD9146642CB99DF12235E8 |
Mal/EncPk-AFH [Sophos] |
| 58 | %Temp%\sinowal7_+20120729-16 | 49,152 bytes | MD5: 0x8DF6F9792B3D9B0A64A0CB1F70BAD8FF SHA-1: 0x1EC604A35C96EAE9107D43F815B6A84C13B93AAD |
Mal/EncPk-AFH [Sophos] |
| 59 | %Temp%\sinowal7_+20120730-04 | 48,640 bytes | MD5: 0x67ADF846D68B5932DA8B5DD003DE4A91 SHA-1: 0x6D2CDF359E22EF488ADF2066005B0DB45B51D8A0 |
Mal/EncPk-AFH [Sophos] |
| 60 | %Temp%\sinowal7_+20120730-09 | 52,224 bytes | MD5: 0x1038027B08480812CC39700820F225AD SHA-1: 0x4C9ADC24B5D1E00DDC13718D636A8A1E3D930330 |
Mal/EncPk-AFH [Sophos] |
| 61 | %Temp%\sinowal7_+20120730-14 | 51,712 bytes | MD5: 0xADF44B2A183B4294B0505C2A37E4481B SHA-1: 0xEA85D16603F634C7726D7ECC077017645B4B4B73 |
Mal/EncPk-AFH [Sophos] Win32.Sinowals [Ikarus] |
| 62 | %Temp%\sinowal7_+20120730-17 | 50,176 bytes | MD5: 0x154418AF78DD460D813DDBFA34D2FA45 SHA-1: 0xCE6BCB76D8399D078ED57C7C64F2A7CC69DCFFB9 |
Mal/EncPk-AFH [Sophos] |
| 63 | %Temp%\sinowal8_+20120728-21 | 47,616 bytes | MD5: 0x2B11785B4E0EB65B92B7C10E99FC0578 SHA-1: 0x04A2BE0C9484C3ED2AF0E4599301399B3CA6D87B |
Trojan.Gen.2 [Symantec] Mal/EncPk-AFH [Sophos] Win32.SuspectCrc [Ikarus] |
| 64 | %Temp%\sinowal8_+20120729-01 | 51,200 bytes | MD5: 0x1F23352A5920313350B268FEC879AF06 SHA-1: 0x9E645BC4090CC241923BEC8B8A0E34506D6059FA |
Mal/EncPk-AFH [Sophos] |
| 65 | %Temp%\sinowal8_+20120729-11 | 52,224 bytes | MD5: 0xA862DD444D8E955CACF028E3711CE86A SHA-1: 0x4B95F933E27F2610A4DF67211CA864FBEC5360EB |
Mal/EncPk-AFH [Sophos] |
| 66 | %Temp%\sinowal8_+20120729-16 | 49,152 bytes | MD5: 0xAF31B4DFA7A50F7730493FB7B2D6746A SHA-1: 0x919C710D1A771CE96D243785D1AC775011492263 |
Mal/EncPk-AFH [Sophos] |
| 67 | %Temp%\sinowal8_+20120730-04 | 48,128 bytes | MD5: 0xD825EE56457105B5AE8425AC823F6375 SHA-1: 0x26D33D0D36DAFAFC126E2739EADA9CAB301554CF |
Mal/EncPk-AFH [Sophos] |
| 68 | %Temp%\sinowal8_+20120730-10 | 48,640 bytes | MD5: 0x8C02D3A64A252E98472DBF3D557D0A02 SHA-1: 0xA5F021A4B9C97750C824D7B24254EC2424D82281 |
Mal/EncPk-AFH [Sophos] |
| 69 | %Temp%\sinowal8_+20120730-12 | 49,152 bytes | MD5: 0xD193845CAB3BBD94BE8C724DF940914C SHA-1: 0x20DB695577869074BC3513856D23087C55EF8169 |
Mal/EncPk-AFH [Sophos] Trojan-PWS.Win32.Sinowal [Ikarus] |
| 70 | %Temp%\sinowal8_+20120730-17 | 51,200 bytes | MD5: 0x7E7545D235EC4BD69BB19D9E9D3B9311 SHA-1: 0x3D9B4B3B7A798D088E1FE4F52577BD9808CC5D9A |
Mal/EncPk-AFH [Sophos] |
| 71 | [file and pathname of the sample #1] | 2,024,445 bytes | MD5: 0x50868E3FAB50012CB4EAFD42622DC7D7 SHA-1: 0x933C785E62465CB4580A0A90365BB40A16BAF6D3 |
Win32.SuspectCrc [Ikarus] |
Memory Modifications
| Process Name | Process Filename | Main Module Size |
| [generic host process] | [generic host process filename] | 45,056 bytes |
Copyright © 2013 ThreatExpert. All rights reserved.