ThreatExpert Report: Virus.Win32.Heur

Technical Details:

File System Modifications

The following files were created in the system:

Filename(s)

File Size

File Hash

Alias

%Temp%\7z.dll

914,432 bytes

MD5: 0x04AD4B80880B32C94BE8D0886482C774
SHA-1: 0x344FAF61C3EB76F4A2FB6452E83ED16C9CCE73E0

(not available)

%Temp%\archdata.zip

76,000 bytes

MD5: 0x5F41FB5EC97EE14C95E8B8020C668C5D
SHA-1: 0x9D3C50CC2458479270DDD91193D3DEC566290420

(not available)

%Temp%\archive.xml

9,388 bytes

MD5: 0xA9FE58437CD4858939B927A5553CCEDD
SHA-1: 0xAB0BC5927EB434DE6402F16747ADF7EFCC570C4E

(not available)

%Temp%\dw.log

76 bytes

MD5: 0xDF02A70442BC200184BCCA8FA677BC27
SHA-1: 0xBAFDDC12F958FB1C8660A241C79C71B46A39682C

(not available)

%Temp%\icon

25,214 bytes

MD5: 0xE8201D6DD359C84694029F91442E512F
SHA-1: 0x74759C60AB5FCDB37072F9742CA385D5702D6956

(not available)

%Temp%\image

78,271 bytes

MD5: 0x619771E6376256C348F7D124F5C30FA0
SHA-1: 0x1D6E6CA218B862CBC0C7A23514BA400CBD99CF31

(not available)

%Temp%\main.xml

10,641 bytes

MD5: 0xDC06BD25F09A94A709987E26A14B625D
SHA-1: 0xB979A99E1C6E695B6E27A7954D65A10337E5CD43

(not available)

%Temp%\[filename of the sample #1]

2,432,272 bytes

MD5: 0x4F9563E140431C45F86BDCE35D9465DA
SHA-1: 0x6BC757F2D33ACD570D04C32C184ECF6116F35503

Virus.Win32.Heur

[Ikarus]

[file and pathname of the sample #1]

2,579,350 bytes

MD5: 0x73C26B7C6D859BAB81ED17512656400E
SHA-1: 0x82636C0DC15B0868AA7AF34F2994674C495EDE82

(not available)

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

There were new processes created in the system:

Process Name

Process Filename

Main Module Size

[filename of the sample #1]

%Temp%\[filename of the sample #1]

638,976 bytes

DW20.EXE

C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

794,624 bytes

Other details

The following Host Names were requested from a host database:

0x558fbf3a
wpad.mrc.pctools.com.
xsp.zip-archive.com

The following GET request was made:

wpad.dat

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Submission Summary:

Technical Details: