| Visit ThreatExpert web site | | | Close Report |
 | Possible Security Risk |
| Threat Category | Description |
 |
A hacktool that could be used by attackers to break into a system |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\7ydrrJ | 18,944 bytes | MD5: 0x35178B1B3C404CD05F639A5DE74177DC SHA-1: 0x627E6DA1C3E109755E40EC627B19E5E1C23EF638 |
Mal/Agent-IR [Sophos] Packer.Malware.NSAnti.H  [Ikarus] |
| 2 | %Temp%\A1.zip | 19,968 bytes | MD5: 0x90AFFACB3C4F110BA63DF2BE93F2E41A SHA-1: 0xA1F071AE9ED951B1EB7EFB040E9CC7204A967E76 |
(not available) |
| 3 | %Temp%\B1.zip | 19,456 bytes | MD5: 0x0B14DFD82A538CF8933435397DBC4925 SHA-1: 0x82AC612BF9A1C832BF75B8FA8D38714E28640A94 |
(not available) |
| 4 | %Temp%\C1.zip | 18,944 bytes | MD5: 0x743CAC2A53BA132D086853141246D7D7 SHA-1: 0xDAF54FE899EA885CD8E70F8BCDB1E3349F4C4526 |
(not available) |
| 5 | %Temp%\Coor.bat | 151 bytes | MD5: 0x5055D8342408F688ADA50B3BEEBDB365 SHA-1: 0x50DDA9BCC77911C0CBBA1B3B90F0F25D037E117B |
(not available) |
| 6 | %Temp%\H9Ueh3J.dll | 162,304 bytes | MD5: 0x6BEBCA98F6CD5E533C349D6882EB424B SHA-1: 0x86A564CEF1403E0E30560E9E5758E87BD8F71AD8 |
Mal/GamePSW-C [Sophos] PWS:Win32/OnLineGames.AH [Microsoft] |
| 7 | %Temp%\jwHfj4d7K.dll | 162,304 bytes | MD5: 0xACA362AF1208223DFBBD1A079E2F8022 SHA-1: 0xDC9942873438D3D8C1AC4A6BBBF191CCC603C2C5 |
Mal/GamePSW-C [Sophos] PWS:Win32/OnLineGames.AH [Microsoft] |
| 8 | %System%\drivers\28253900.sys | 26,208 bytes | MD5: 0x515D6E6AEA365640A71D45E28F8B8663 SHA-1: 0x6CBC99E72530814376C004FF41E7BA866A3B3F1A |
Hacktool.Rootkit [Symantec] PWS:WinNT/OnLineGames.D [Microsoft] Trojan-PWS.WinNT.OnLineGames [Ikarus] |
| 9 | %System%\kakuzd.dll | 225,280 bytes | MD5: 0x7BAAECFD871232B9126E0BB5636AC7A9 SHA-1: 0xDB9C1100B087340B03E2D4B62EE186FEB3EEADC3 |
(not available) |
| 10 | [file and pathname of the sample #1] | 211,968 bytes | MD5: 0x98E65E0D00624734161AFDC4BCBAA3DB SHA-1: 0x72A322503AD96EB933B97B54EA8A75309E8141B6 |
TrojanDropper:Win32/Festi.A [Microsoft] packed with PE_Patch [Kaspersky Lab] |
| 11 |
%System%\TfhyyuGrf
%System%\wshtcpzd.dll |
19,968 bytes | MD5: 0xA7F95A53EE055115DF03588997A47D4D SHA-1: 0x81C4564E21F028A0E968B3FB1822C3485BA46E84 |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 888,832 bytes |
| [generic host process] | [generic host process filename] | 20,480 bytes |
| Module Name | Module Filename | Address Space Details |
| kakuzd.dll | %System%\kakuzd.dll | Process name: IEXPLORE.EXE Process filename: %ProgramFiles%\internet explorer\iexplore.exe Address space: 0x1090000 - 0x10CE000 |
 | Registry Modifications |
 | Other details |
 |
Republic of Korea |
 |
China |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2013 ThreatExpert. All rights reserved.