| What's been found | Severity Level |
| Contains characteristics of an identified security risk. | |
| Possible Security Risk |
| Threat Category | Description |
| | A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment |
| File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\setup_C.CMD; %Temp%\shfmi3\setup_C.CMD | 50 bytes | MD5: 0x8D34B98F7CBDAF2BB87EC10849BC9C65 SHA-1: 0xCD8E7F369BFCC415F1914F02DC1E01895BAB4376 | (not available) |
| 2 | %Temp%\setup_D.CMD; %Temp%\shfmi3\setup_D.CMD | 50 bytes | MD5: 0x1F2A4406A999173D5F9EB0DD66FD9500 SHA-1: 0xA6C13232A6A66BD429F5FF4DEA7839DBC4EC4B02 | (not available) |
| 3 | %Temp%\shfmi3\madCHook License.txt | 6,212 bytes | MD5: 0xDE0F394D3688780F92A24A586C0381E9 SHA-1: 0x4110A77AEE157C3624AF08955858AFF9C19BE250 | (not available) |
| 4 | %Temp%\shfmi3\madCHook.dll | 126,464 bytes | MD5: 0x369D077A89A03823DEBF94ED5E0DFCD1 SHA-1: 0xA14BDC948373E84B24798E20A7E91D59AD67C8BA | (not available) |
| 5 | %Temp%\shfmi3\shfmi.exe | 15,872 bytes | MD5: 0x89A739F26A9DD2009E4B89F9AB2D510A SHA-1: 0x78B40316177750CB5ED6EAF8FD7053C7EF7032B8 | Trojan Horse [Symantec], Trojan.Win32.Delf.orh [Kaspersky Lab], Generic.dx!tgn [McAfee], Trojan-Dropper.Delf [Ikarus], Win-Trojan/Xema.variant [AhnLab] |
| 6 | %Temp%\shfmi3\shfres.dll | 14,848 bytes | MD5: 0xE341E3BABD8C1AA0F9AFD2F1DFDA88B3 SHA-1: 0x8D5668854322B4B323EF8CF36CFDC1D2CFCA1DFA | packed with UPX [Kaspersky Lab] |
| 7 | %Temp%\shfmi3\????.html | 3,576 bytes | MD5: 0x8FD8E066D5849846E0DE5494220D9E89 SHA-1: 0xBCBCBD8E19B62B96EC42F15FC4DA4A66383D905C | (not available) |
| 8 | %Temp%\shfmi3\???w??DLL?{??.exe | 111,489 bytes | MD5: 0xB9F86D9C6D6AB22945E35AF949005FF5 SHA-1: 0x14EE5B12074C3504CDF3875588577A64554AC300 | (not available) |
| 9 | %Temp%\shfmi3\????.txt | 697 bytes | MD5: 0x402717555F7D6530E9BE4A45C889132B SHA-1: 0x7FAB92952AD1AACFC419FB77D37A6B4A2FEF73DB | (not available) |
| 10 | [file and pathname of the sample #1] | 161,179 bytes | MD5: 0x65C3785447A67A7BFB761C91420AEB25 SHA-1: 0x657997232EC0FF5629A1211DC7F61723BA681408 | Trojan.Win32.Delf.orh [Kaspersky Lab], Trojan-Dropper.Delf [Ikarus] |
| Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [generic host process] | [generic host process filename] | 20,480 bytes |
| shfmi.exe | %Temp%\shfmi3\shfmi.exe | 57,344 bytes |
| ???w??DLL?{??.exe | %Temp%\shfmi3\???w??DLL?{??.exe | 143,360 bytes |
| ????w??dll?{??.exe | %Temp%\shfmi3\????w??dll?{??.exe | 143,360 bytes |
| Other details |
Taiwan
China
Copyright © 2013 ThreatExpert. All rights reserved.