Submission Summary:

What's been foundSeverity Level
Creates a startup registry entry.
Contains characteristics of an identified security risk.

 

Technical Details:

 

Possible Security Risk

Security RiskDescription
Email-Worm.Brontok!sd5 Email-Worm.Brontok!sd5 is a mass-mailing application that propagates from one system to another by creating a new email message, attaching itself and then sending the message without user's consent.
Backdoor.SdBot.BXR Backdoor.SdBot.BXR installs itself into the registry forcing it to run with windows. It provides a backdoor server which allows a remote intruder to gain access and control over the computer. It spreads via MSN Messenger and sends a message containing a link enticing users to download the worm to all contacts of an infected machine.
Adware.Component.Unrelated These common components have files and keys that are in different threats but the threats are not related to one another in that the author of the signature is not the same. It is recommended that all these entries be removed.

Threat CategoryDescription
A network-aware worm that attempts to replicate across the existing network(s)

 

File System Modifications

#Filename(s)File SizeFile HashAlias
1 %MyDocuments%\About FeeLCoMz.V1.Htm
%MyDocuments%\My Pictures\Wallpaper %UserName%.Htm
%Programs%\About FeeLCoMz.V1.Htm
%Windir%\FeeLCoMz.V1.Htm
444 bytes MD5: 0xF27DC86C10553E1D4608A9EBDF3308CD
SHA-1: 0xE09468D43F8796E145094AB3CCAE6AB8FF0927E5
(not available)
2 %MyDocuments%\FeeLCoMz CoMMuNiTy\Apa itu FeeLCoMz CoMMuNiTy.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\CyBeRz@AllNetwork.Org.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\FaTaLisTiCz_Fx@Yahoo.Com.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\ViRuZ@AllNetwork.Org.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy.exe
%MyDocuments%\My eBooks\Apa itu My eBooks.exe
%MyDocuments%\My Music\Apa itu My Music.exe
%MyDocuments%\My Pictures\Apa itu My Pictures.exe
%MyDocuments%\Rahasia %UserName%.exe
%Programs%\Startup\Hardware Monitor.exe
c:\Rahasia %UserName% 05-11.exe
%Windir%\system\lsass.exe
%Windir%\system\svchost.exe
%System%\1025\Apa itu 1025.exe
%System%\1028\Apa itu 1028.exe
%System%\1031\Apa itu 1031.exe
%System%\1033\Apa itu 1033.exe
%System%\1037\Apa itu 1037.exe
%System%\1041\Apa itu 1041.exe
%System%\1042\Apa itu 1042.exe
%System%\1054\Apa itu 1054.exe
%System%\2052\Apa itu 2052.exe
%System%\3076\Apa itu 3076.exe
%System%\3com_dmi\Apa itu 3com_dmi.exe
%System%\CatRoot\Apa itu CatRoot.exe
%System%\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\Apa itu {127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Apa itu {F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe
%System%\CatRoot2\Apa itu CatRoot2.exe
%System%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\Apa itu {127D0A1D-4EF2-11D1-8608-00C04FC295EE}.exe
%System%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Apa itu {F750E6C3-38EE-11D1-85E5-00C04FC295EE}.exe
%System%\Com\Apa itu Com.exe
%System%\dhcp\Apa itu dhcp.exe
%System%\DirectX\Apa itu DirectX.exe
%System%\DirectX\Dinput\Apa itu Dinput.exe
%System%\dllcache\Apa itu dllcache.exe
%System%\drivers\Apa itu drivers.exe
%System%\drivers\disdn\Apa itu disdn.exe
%System%\drivers\etc\Apa itu etc.exe
%System%\drivers\etc\Host.com
%System%\export\Apa itu export.exe
%System%\GroupPolicy\Adm\Apa itu Adm.exe
%System%\GroupPolicy\Apa itu GroupPolicy.exe
%System%\GroupPolicy\Machine\Apa itu Machine.exe
%System%\GroupPolicy\User\Apa itu User.exe
%System%\ias\Apa itu ias.exe
%System%\icsxml\Apa itu icsxml.exe
%System%\IME\Apa itu IME.exe
%System%\IME\CINTLGNT\Apa itu CINTLGNT.exe
%System%\IME\PINTLGNT\Apa itu PINTLGNT.exe
%System%\IME\TINTLGNT\Apa itu TINTLGNT.exe
%System%\inetsrv\Apa itu inetsrv.exe
%System%\Macromed\Apa itu Macromed.exe
%System%\Macromed\Flash\Apa itu Flash.exe
%System%\Microsoft\Apa itu Microsoft.exe
%System%\MsDtc\Apa itu MsDtc.exe
%System%\MsDtc\Trace\Apa itu Trace.exe
%System%\mui\0009\Apa itu 0009.exe
%System%\mui\0401\Apa itu 0401.exe
%System%\mui\0402\Apa itu 0402.exe
%System%\mui\0404\Apa itu 0404.exe
%System%\mui\0405\Apa itu 0405.exe
%System%\mui\0406\Apa itu 0406.exe
%System%\mui\0407\Apa itu 0407.exe
%System%\mui\0408\Apa itu 0408.exe
%System%\mui\0409\Apa itu 0409.exe
%System%\mui\040b\Apa itu 040b.exe
%System%\mui\040C\Apa itu 040C.exe
%System%\mui\040D\Apa itu 040D.exe
%System%\mui\040e\Apa itu 040e.exe
%System%\mui\0410\Apa itu 0410.exe
%System%\mui\0411\Apa itu 0411.exe
%System%\mui\0412\Apa itu 0412.exe
%System%\mui\0413\Apa itu 0413.exe
%System%\mui\0414\Apa itu 0414.exe
%System%\mui\0415\Apa itu 0415.exe
%System%\mui\0416\Apa itu 0416.exe
%System%\mui\0418\Apa itu 0418.exe
%System%\mui\0419\Apa itu 0419.exe
%System%\mui\041a\Apa itu 041a.exe
%System%\mui\041b\Apa itu 041b.exe
%System%\mui\041D\Apa itu 041D.exe
%System%\mui\041e\Apa itu 041e.exe
%System%\mui\041f\Apa itu 041f.exe
%System%\mui\0424\Apa itu 0424.exe
%System%\mui\0425\Apa itu 0425.exe
%System%\mui\0426\Apa itu 0426.exe
%System%\mui\0427\Apa itu 0427.exe
%System%\mui\0804\Apa itu 0804.exe
%System%\mui\0816\Apa itu 0816.exe
%System%\mui\0C0A\Apa itu 0C0A.exe
%System%\mui\Apa itu mui.exe
%System%\mui\dispspec\Apa itu dispspec.exe
%System%\npp\Apa itu npp.exe
%System%\oobe\Apa itu oobe.exe
%System%\ras\Apa itu ras.exe
%System%\ReinstallBackups\0000\Apa itu 0000.exe
%System%\ReinstallBackups\0000\DriverFiles\Apa itu DriverFiles.exe
%System%\ReinstallBackups\0000\DriverFiles\i386\Apa itu i386.exe
%System%\ReinstallBackups\Apa itu ReinstallBackups.exe
%System%\Restore\Apa itu Restore.exe
61,440 bytes MD5: 0x6C08BD41F70D51662DF04EB4ECD2F9EE
SHA-1: 0x1E75F3F14DE56B34D503CB92426957999A310F4D
W32.Rontokbro@mm [Symantec]
Email-Worm.Win32.Brontok.u [Kaspersky Lab]
W32/Rontokbro.gen@MM [McAfee]
Mal/VB-F, Mal/VB-F, Mal/VB-F [Sophos]
Virus.Win32.Kangen [Ikarus]
Win32/Brontok.worm.61440.B [AhnLab]

 

Memory Modifications

Process NameProcess FilenameMain Module Size
svchost.exe%Windir%\system\svchost.exe65,536 bytes
lsass.exe%Windir%\system\lsass.exe65,536 bytes
Winzip.exe%System%\winzip.exe65,536 bytes

 

Registry Modifications

 

 

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.