Submission Summary:

What's been found | Severity Level
- Registers a 32-bit in-process server DLL.
- Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
- Contains characteristics of an identified security risk.


Technical Details:


Possible Security Risk

Threat Category | Description
- A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment
- A hacktool that could be used by attackers to break into a system


File System Modifications

# | Filename(s) | File Size | File Hash | Alias

1  Filename(s): 100 randomly named .dll files under %Temp%
   File size:   140,288 bytes
   MD5:         0xA6C57E7ADDC99CBB8BCCD51585158E16
   SHA-1:       0xC9A34D804D13E024BE7D04EEC009274881C75D15
   Aliases:     Trojan.Gen [Symantec]
                Trojan.Win32.Smardf.lkt [Kaspersky Lab]
                Boaxxe.gen.i [McAfee]
                Troj/Boaxxe-S [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Dropper/Malware.140288.AY [AhnLab]

2  Filename(s): %System%\adpt.dll
   File size:   118,272 bytes
   MD5:         0x2D1E67CCD190CA1ED74D57678E86E3F3
   SHA-1:       0x11D899693F13E602686386DCBA695C437C7C7286
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

3  Filename(s): %System%\adptf.dll
   File size:   118,272 bytes
   MD5:         0x2E323921829BE91D5F5DB55D7BD12B3F
   SHA-1:       0x826319A2EB44393A1795F1EEDEFEC7B6406DD290
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

4  Filename(s): %System%\adpti.dll
   File size:   118,272 bytes
   MD5:         0xE0FEAAB63706520AF3CCB0D88CD13CA8
   SHA-1:       0x698F6A48F9FDF5E7564B58FD20B4D329B3DECFE9
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

5  Filename(s): %System%\adptik.dll
   File size:   118,272 bytes
   MD5:         0xEFBE286B3EE73AC91E7AB508EB7FF4D1
   SHA-1:       0xC21B74C23FE8B58824EF2B409650E9DA315EB0B2
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

6  Filename(s): %System%\adptl.dll
   File size:   118,272 bytes
   MD5:         0xCC1CB879F9ABCA568EEC646A29CDDB43
   SHA-1:       0x52421819C31717ABECFAA4379E65A04B845AE06D
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

7  Filename(s): %System%\adpto.dll
   File size:   118,272 bytes
   MD5:         0xF4B21D756DD9F6899232C0CDCBCD36A5
   SHA-1:       0xBB2FDE67B8177877EF83B686606A1D3F030EF47A
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]

8  Filename(s): %System%\ads.dll
   File size:   118,272 bytes
   MD5:         0x5E7F357D8E178A09DC269911344FED0A
   SHA-1:       0x9134A1051F130AFBD8C166EBAED6C36C18361E55
   Aliases:     Generic Dropper.fz [McAfee]
                Troj/Boaxxe-R [Sophos]
                TrojanDropper:Win32/Boaxxe.G [Microsoft]
                Trojan-Dropper.Win32.Boaxxe [Ikarus]
                Win-Trojan/Smardf.Gen [AhnLab]


Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | %Temp%\[filename of the sample #1] | 376,882 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 425,984 bytes


Registry Modifications


Other details


All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2013 ThreatExpert. All rights reserved.