ThreatExpert Report: Trojan.Win32.Midgare, Trojan.ADH.2, BackDoor-CEP!b2p, Mal/Generic-L..

Submission Summary:

Submission details:

Submission received: 24 September 2012, 16:20:30
Processing time: 10 min 3 sec
Submitted sample:

File MD5: 0x8283E62AC14A23B02681DD1D8063EAC8
File SHA-1: 0x3365888A2B0B108F904E4972ACD6C51285D74005
Filesize: 372,090 bytes
Alias: Trojan.Win32.Midgare [Ikarus]

Summary of the findings:

What's been found	Severity Level
Contains characteristics of an identified security risk.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	%Temp%\BBB.nfo	34,401 bytes	MD5: 0xF7C63BAB45B4C09F5893817A74335607 SHA-1: 0x7A17FA71B2A632249904AA79E49EC457C8238785	(not available)
2	%Temp%\file_id.diz	3,467 bytes	MD5: 0xD4B060065ECD81129247C2E3EF1C3C7B SHA-1: 0xD8C72003A98722E735468F8FE0844E963EE1315D	(not available)
3	%Temp%\nFO Viewer.exe	33,792 bytes	MD5: 0x5B83B9E50B3442F4AC37BD62730E5D99 SHA-1: 0xB1E322F1901773BD5BC5D8A612F44BE7C3747E0C	packed with UPX [Kaspersky Lab]
4	%Temp%\Patch.exe	365,940 bytes	MD5: 0x48DFD981274D37197B7997DEDA1ECB2C SHA-1: 0x949BDCD11460DCE2FA18971CA58A573A0A294092	Trojan.ADH.2 [Symantec] BackDoor-CEP!b2p [McAfee] Mal/Generic-L [Sophos] Backdoor:Win32/Bifrose [Microsoft] Trojan.Win32.Midgare [Ikarus]
5	[file and pathname of the sample #1]	372,090 bytes	MD5: 0x8283E62AC14A23B02681DD1D8063EAC8 SHA-1: 0x3365888A2B0B108F904E4972ACD6C51285D74005	Trojan.Win32.Midgare [Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
Patch.exe	%Temp%\patch.exe	294,912 bytes
nFO Viewer.exe	%Temp%\nfo viewer.exe	176,128 bytes

Other details

The following Host Name was requested from a host database:

192.5.5.241

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.