Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Security Risk | Description
Rootkit.TDSS | Rootkit.TDSS can hide the presence of any process on the infected machine in order to perform malicious actions without the user's knowledge.


File System Modifications

# | Filename(s) | File Size | File Hash | Alias

#1  Filename:  %Temp%\nvrxohnsev.tmp
    File Size: 180,736 bytes
    MD5:       0x6585660A3914079ECC7F964B87912747
    SHA-1:     0xEC6B9FAFBA1F934E2600C752511C67E381167534
    Alias:     Packed.Generic.200 [Symantec]
               Packed.Win32.Tdss.f [Kaspersky Lab]
               Mal/EncPk-GR, Mal/EncPk-GR [Sophos]
               Trojan.Win32.InternetAntivirus [Ikarus]

#2  Filename:  %System%\drivers\senekatnymdbsc.sys
    File Size: 113,152 bytes
    MD5:       0x3FD0C868E8FBCB6EDD849E6FE342624B
    SHA-1:     0x948E020A0FDB6931F3466C430944DA6375205A85
    Alias:     Trojan:WinNT/Alureon.C [Microsoft]

#3  Filename:  %System%\senekakorduymb.dll
    File Size: 29,798 bytes
    MD5:       0x5AA85B76CA58B75B6594F8C5F8F66F19
    SHA-1:     0x48B0A0FB3C71201BD21DB11B3D6555E460625A69
    Alias:     Packed.Generic.200 [Symantec]
               Packed.Win32.Tdss.f [Kaspersky Lab]
               Trojan-Downloader.Win32.Renos.AQ [Ikarus]

#4  Filename:  %System%\senekapxywyksp.dll
    File Size: 27,238 bytes
    MD5:       0x0053FCCFF6B2EBC6885C4BBA551976A1
    SHA-1:     0x1DACEB4081A3152076642AD0F6B78061C56CAC62
    Alias:     Packed.Generic.200 [Symantec]
               Packed.Win32.Tdss.f [Kaspersky Lab]
               Trojan:Win32/Vundo.JC.dll [Microsoft]
               Trojan.Win32.InternetAntivirus [Ikarus]

#5  Filename:  %System%\senekauetqxtiq.dll
    File Size: 87,142 bytes
    MD5:       0xBE1515AF0F1D1CCA2B46CA3F0BEB28F6
    SHA-1:     0x0224FCDAD33227B7BAF635A23DC826919018CC3B
    Alias:     Packed.Generic.200 [Symantec]
               Packed.Win32.Tdss.f [Kaspersky Lab]
               Trojan:Win32/Sudiet.B [Microsoft]
               Trojan-Downloader.Win32.Renos.AQ [Ikarus]

#6  Filename:  %System%\senekaynmkddec.dat
    File Size: 0 bytes
    MD5:       0xD41D8CD98F00B204E9800998ECF8427E
    SHA-1:     0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
    Alias:     (not available)


Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 356,352 bytes

Process Name | Process Filename | Allocated Size
svchost.exe | %System%\svchost.exe | 32,768 bytes
svchost.exe | %System%\svchost.exe | 28,672 bytes

Driver Name | Driver Filename
senekatnymdbsc.sys | %System%\drivers\senekatnymdbsc.sys


Registry Modifications


Other details

Server Name | Server Port | Connect as User | Connection Password
78.26.144.210 | 80 | (null) | (null)
directitfast.com | 80 | (null) | (null)
onseneka.net | 80 | (null) | (null)
onseneka.com | 80 | (null) | (null)


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2014 ThreatExpert. All rights reserved.