Submission Summary:

What's been found    Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Threat Category    Description
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment.

File System Modifications

#  Filename(s)  File Size  File Hash  Alias
1 %Temp%\a.class 2,695 bytes MD5: 0xB710CF154BF86FF0DD2E513A1AD99585
SHA-1: 0x2D1099B1A1ABCA5F7B1BB752C2C38B655FC96DB6
(not available)
2 %Temp%\AppInstaller\a.class 571 bytes MD5: 0xCF675B35A220A80541C3F9BEB301777B
SHA-1: 0xF08240C8F123A2D47431D1651E11DAEBD7998F1D
(not available)
3 %Temp%\AppInstaller\b.class 3,746 bytes MD5: 0xACC2BD15848E1B9481B76ACAA9472D53
SHA-1: 0x918AA8661C90DCB1F260067DB6085B8C6FF42A65
JAVA.Agent [Ikarus]
4 %Temp%\AppInstaller\c.class 2,173 bytes MD5: 0xCB9C7C74D49942EBFC3F9C31CE9DE25C
SHA-1: 0x1ECF17DADAE94656099E3E72F9ED9997F61DEA94
JAVA.SMSSend [Ikarus]
5 %Temp%\AppInstaller\config.txt 15,808 bytes MD5: 0x93261CD9653CAF64CDE15F132DD68A4B
SHA-1: 0x282CC3334A2C5D3B9DBFD6D9D68C16DB05A9AF11
(not available)
6 %Temp%\AppInstaller\d.class 1,947 bytes MD5: 0x5C2AD92FED6A9188A9EB4C51E6297E25
SHA-1: 0xB2F0C5B12CE5CEA233590E3889913BBADFC61CF1
(not available)
7 %Temp%\AppInstaller\e.class 4,259 bytes MD5: 0x297C516AF593A04A45217861D19C5217
SHA-1: 0x2A45FC8A15045F3CED7DF3645E575A56E3E9AE2B
(not available)
8 %Temp%\AppInstaller\f.class 1,481 bytes MD5: 0xC35D6186C55DAEF64C16D341AA4AF7D9
SHA-1: 0xE9B6E46D24273ABB98F3BBC0869A93C88AC3DA11
(not available)
9 %Temp%\AppInstaller\g.class 214 bytes MD5: 0x569DD2784DA76D308B11555BD1C8A1BB
SHA-1: 0x9A7BDCAC1DFA9258641C51C9C57D6CC70B89E0B7
(not available)
10 %Temp%\AppInstaller\h.class 855 bytes MD5: 0xE0224BFC24B4A069E4ADDA91A0BB9F6A
SHA-1: 0x49C28EADAF3875029F6D89CAC58EA242A86A3DE3
(not available)
11 %Temp%\AppInstaller\i.class 1,766 bytes MD5: 0xEFA8A6AB5FE2E746123F1D33036F7902
SHA-1: 0x4166E8BCA6C8DFE211414082782FCBDFA8936C13
(not available)
12 %Temp%\AppInstaller\icon.png 3,556 bytes MD5: 0xAD2A86F4F8151FEC6C79FA7817C8F42C
SHA-1: 0x2C33DFE3EE5176A58B852E0EDB7843298C1470AE
(not available)
13 %Temp%\AppInstaller\InstallerMIDlet.class 21,234 bytes MD5: 0x5D9F12C21E597AB71B5635EC7594D5D2
SHA-1: 0x37C6757232F936E019C5B25789FCE4D9F66CBC78
Trojan.Gen.2 [Symantec]
Generic.dx!bf3g [McAfee]
Java.Trojan.SMSSend [Ikarus]
14 %Temp%\AppInstaller\j.class 2,286 bytes MD5: 0xB692989EB2811801E922319DB161F7CF
SHA-1: 0x29F566265392176D903BE398D1F92FCA572A748F
(not available)
15 %Temp%\AppInstaller\k.class 5,314 bytes MD5: 0xF2885EE07C223A66B2EEAB18D81F4673
SHA-1: 0x6F74A50A6E7CF8FD5DE8A2F665A08302C61D9EAF
(not available)
16 %Temp%\AppInstaller\l.class 1,371 bytes MD5: 0x588EEACF9D16CB2D97897ABBCFA87454
SHA-1: 0x0B26F8A23850ACAE0221F29247A51D377C53C2EA
(not available)
17 %Temp%\AppInstaller\m.class 210 bytes MD5: 0x13609F43D664331DDFFE1FD8205D987B
SHA-1: 0x820EA43FB431014FC9036D6B0FE0FC15BA95BF91
(not available)
18 %Temp%\AppInstaller\member.txt
%Temp%\AppInstaller\numbers.cfg
0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
19 %Temp%\AppInstaller\n.class 1,823 bytes MD5: 0x2F519A8A18297AF2ADCBF9DC233C1597
SHA-1: 0x042A85D8679189352FB1353652D87E1DCA079F28
(not available)
20 %Temp%\AppInstaller\o.class 1,075 bytes MD5: 0x082233BCCA55CDB7AF9ABCAA56645B5D
SHA-1: 0x3912CABE75356CEBBDB2286B4D6BDA79B39D3B49
(not available)
21 %Temp%\AppInstaller\oplist.txt 232 bytes MD5: 0x08F4D6D8259B8D654DCD81C8AAE7B563
SHA-1: 0xFE61CFAEB2BA9F06719D7F58A02FD636015DB0EC
(not available)
22 %Temp%\AppInstaller\p.class 1,285 bytes MD5: 0x08BE63AEE1A69722F6011B9831A7C6EB
SHA-1: 0xF5F285FAE32C9C1369A187CA0CFDAF22E263777D
(not available)
23 %Temp%\AppInstaller\q.class 4,551 bytes MD5: 0x1326BBADE373FB8276BC87B0B575F0FB
SHA-1: 0x431A024897FE197A2147D78B8A274E6A3E6966C5
(not available)
24 %Temp%\AppInstaller\r.class 2,231 bytes MD5: 0xC5A96F1323F45DCC30F0EB0DED4D9F73
SHA-1: 0x1A57A0261B122B176A92B22084605C67D888A3BE
(not available)
25 %Temp%\AppInstaller\res\error.png 3,204 bytes MD5: 0x85E9D47AC7ED0562ECD18E5706DE9857
SHA-1: 0xC40F564F2E97C684A39D6415EC2983751F5572A3
(not available)
26 %Temp%\AppInstaller\res\hourglass.png 2,012 bytes MD5: 0x268D589B84DB34D32D620BE5B0A2EFB0
SHA-1: 0x97ADE7B197BEE91507D28368418D7C3DD782EFE9
(not available)
27 %Temp%\AppInstaller\rules\default\rules.txt 12,162 bytes MD5: 0x36F88BE4BF4590219970C427ACEBC197
SHA-1: 0x7C52B10EC8A6134B2AE52FDDDA3F3E569995D9E4
(not available)
28 %Temp%\AppInstaller\smsc.txt 898 bytes MD5: 0x5D5F9AAA6D5E1615B8DF036EAA19753E
SHA-1: 0x6D73371D0A89E3B2D07A1A7EE849EC236A9C87D2
(not available)
29 %Temp%\AppInstaller\system.cfg 18 bytes MD5: 0x7F30A131F14499BC86A2932368274B78
SHA-1: 0x3D751A8FFF53CD0B49ADC9CB884DC822D5616C8F
(not available)
30 %Temp%\AppInstaller\text\1.txt
%Temp%\AppInstaller\text\2.txt
%Temp%\AppInstaller\text\3.txt
%Temp%\AppInstaller\text_ru_megafon\1.txt
%Temp%\AppInstaller\text_ru_megafon\2.txt
%Temp%\AppInstaller\text_ru_megafon\3.txt
117 bytes MD5: 0xA06202F7ABFD41B8BC510E039667C625
SHA-1: 0x9CEA901AAB4E7366EA3EA0487804CAB4BD4B18A4
(not available)
31 %Temp%\AppInstaller\text\cancel.txt
%Temp%\AppInstaller\text_ru_megafon\cancel.txt
232 bytes MD5: 0x1EF5E4B40E20F128D7DE28274B9E75EF
SHA-1: 0x6AE58E6D22093A079984FE7391ED946ABBC71595
(not available)
32 %Temp%\AppInstaller\text\clickerAutoLoading.txt
%Temp%\AppInstaller\text_ru_megafon\clickerAutoLoading.txt
70 bytes MD5: 0xDCDA019715EA34955786DD7B987A7CAB
SHA-1: 0xB237D2F90CB93398CBC41DD20CCFE953D0BA6D94
(not available)
33 %Temp%\AppInstaller\text\clickerFinal.txt
%Temp%\AppInstaller\text_ru_megafon\clickerFinal.txt
452 bytes MD5: 0xC434FF0B79FFDB45A1C3D270B0090B38
SHA-1: 0x766BB9AD3298FCE35D98AE309289C317FB250890
(not available)
34 %Temp%\AppInstaller\text\clickerFirstScreen.txt
%Temp%\AppInstaller\text_ru_megafon\clickerFirstScreen.txt
171 bytes MD5: 0xFC7D1145ADB7A27326B3E9D96E956F6C
SHA-1: 0xD4721580A807D89C9C3B97397DE092D91C932C0C
(not available)
35 %Temp%\AppInstaller\text\clickerLoading.txt
%Temp%\AppInstaller\text_ru_megafon\clickerLoading.txt
111 bytes MD5: 0xEB111C3C2EFF26C39804A7A0CF72FA00
SHA-1: 0xA448C286679653DA774DA1878966D215C31ABA17
(not available)
36 %Temp%\AppInstaller\text\clickerProgress.txt
%Temp%\AppInstaller\text_ru_megafon\clickerProgress.txt
1,177 bytes MD5: 0x34858EB1C9726DB12CC2DAF1384304BA
SHA-1: 0x51B8D6AE6277CE80D1824DBFAB38C3EEAB88DFA2
(not available)
37 %Temp%\AppInstaller\text\final.txt
%Temp%\AppInstaller\text_ru_megafon\final.txt
374 bytes MD5: 0xDFC8B88AF0F44B3BE21C1EDF04C65307
SHA-1: 0x12C2252E57D9177FAA923E41A367C2D6849C7859
(not available)
38 %Temp%\AppInstaller\text\firstScreen.txt 105 bytes MD5: 0xA48CF7952D489139231A34D768C66862
SHA-1: 0x7526194395B5182412D78EBAFD88DFB3F4C744AF
(not available)
39 %Temp%\AppInstaller\text\loading.txt
%Temp%\AppInstaller\text_ru_megafon\loading.txt
54 bytes MD5: 0xC1DAD824025531C008A4BDE9090D9107
SHA-1: 0x439C63B3A2B786E0532CE4B847BCD486447BFDFF
(not available)
40 %Temp%\AppInstaller\text_ru_megafon\firstScreen.txt 67 bytes MD5: 0x37BDDE750A1B5B3D157AE348355FE5E0
SHA-1: 0x166BB06883DD474EDC571FFE9B04DA2E7035F999
(not available)
41 %Temp%\AppInstaller\ui.cfg 1,015 bytes MD5: 0x05BCF20DDF952A95A0843F228DAE6B5E
SHA-1: 0x20A09D2A2079AAD0F1DE8F2A5A09DF9820D6EE99
(not available)
42 %Temp%\b.class 307 bytes MD5: 0x991716233DBBAB75F8B5E1DCED41ADA1
SHA-1: 0x626309870A5B7E8D09C3C5725384A456C7A200CA
(not available)
43 %Temp%\c.class 135 bytes MD5: 0x3B69F47D679D3791DEE7E6F35515F2CC
SHA-1: 0xFB01F304168D47F62CA5B4B672295512CA7054DA
(not available)
44 %Temp%\d.class 5,800 bytes MD5: 0x05EC1619B900B45D39AD0A985626FAF4
SHA-1: 0xFA420C44ACC8C8B3C7DFB1E684F78E7D3DDFE3D6
(not available)
45 %Temp%\e.class 347 bytes MD5: 0xF0BDAC9052C3122B29532EA370998198
SHA-1: 0xC89F77AF0EF0F1A771C6E7783D36B4B3BB986890
(not available)
46 %Temp%\f.class 850 bytes MD5: 0xE1B67A780413065F9C69D1C0FB36F901
SHA-1: 0xADFCA8B3ED3DF66AE0794445B361F06B64099790
(not available)
47 %Temp%\g.class 506 bytes MD5: 0x487C5D61433003D9091A05C6F279CA0C
SHA-1: 0x12E280B44F00E67E5F291258D6D3C99D555CA769
(not available)
48 %Temp%\h.class 3,014 bytes MD5: 0x0C849286C2E8A0ADB3CBD9BAEED28533
SHA-1: 0xBEC4A6B435FB9A51AD93B58F0E061A7B4119E9AA
(not available)
49 %Temp%\i.class 241 bytes MD5: 0x0647A28E544D4DBAF75F72B0D3C2027B
SHA-1: 0x7B23FACBEB46D2147FFD5817CF8695499C741A68
(not available)
50 %Temp%\j.class 3,038 bytes MD5: 0x086E340D07BCCF4AA48BF19CD925F822
SHA-1: 0x3EEAE4286F4DA08203CFF5768068A72B81C57017
(not available)
51 %Temp%\k.class 1,363 bytes MD5: 0x13D6A3DC7807825F20F229B5E5448C5F
SHA-1: 0x51484068A6DC5C6C03A42AF4B81EDB1D2C0A9565
(not available)
52 %Temp%\l.class 96 bytes MD5: 0x53DF038BF57D40AE7AB87473ADED0B15
SHA-1: 0x5AB290D26C410CEFBE777D5987303A730A879644
(not available)
53 %Temp%\m.class 1,390 bytes MD5: 0x7E130464FC900CFB3C7584944F9B0179
SHA-1: 0x8032DC8ABCAD102AA4B5AA58C6DA47C7C5C537D6
(not available)
54 %Temp%\META-INF\MANIFEST.MF 366 bytes MD5: 0xA6F5439A576FB113E9E0C27F422E0DF3
SHA-1: 0x814535EFEB81B4998F4E3C30CC6A8696842C0990
(not available)
55 %Temp%\n.class 469 bytes MD5: 0x3E35148A320252CF421893F755B3D94F
SHA-1: 0xA2632660C35473380697E5280FE1EB4408D121C4
(not available)
56 %Temp%\o.class 224 bytes MD5: 0x2DBF6556A20600C37A6F8ACB0C314A08
SHA-1: 0x0645E0E6B2634232DC3881901CDD778399C37F7D
(not available)
57 %Temp%\p.class 735 bytes MD5: 0xB947FB13CF428449947FD7F011ADD0F9
SHA-1: 0x77D391A35769E9ACED39C463701EBC6B56E8267A
(not available)
58 [file and pathname of the sample #1] 69,463 bytes MD5: 0x81AC25D24429671A95BAF8E62CF48709
SHA-1: 0xFD68F69515ABD2BDEE5FACF54DB979B142AC33BB
Java.Trojan.SMSSend [Ikarus]

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2013 ThreatExpert. All rights reserved.