ThreatExpert Report: Trojan-PWS.Win32.Gamec, Mal/KeyGen-W, Mal/EncPk-ZC

Technical Details:

File System Modifications

The following files were created in the system:

Filename(s)

File Size

File Hash

Alias

%Temp%\31.exe

22,528 bytes

MD5: 0xDC22D10F52134A0FB3D85389271F96AC
SHA-1: 0xEF9D63F55F0C552A3F77EE95362B18F653003E22

Mal/KeyGen-W [Sophos]
packed with UPX [Kaspersky Lab]

%Temp%\32.exe

22,528 bytes

MD5: 0x8795B194FAC4EA3E97F4B6092539046D
SHA-1: 0x2E2C0482AA1B71F2C0DE2A9A49E159C486A9308F

Mal/KeyGen-W [Sophos]
packed with UPX [Kaspersky Lab]

%Temp%\33.exe

61,952 bytes

MD5: 0x1AD6EFC046B144281BAA4FFF25F52169
SHA-1: 0xC3CAEEFBB902A1872C4F53D4DC40F11EA69CDD0E

Trojan-PWS.Win32.Gamec

[Ikarus]
packed with UPX [Kaspersky Lab]

%Temp%\34.exe

9,216 bytes

MD5: 0xCF9B85C29A867600FE52C5BB96B37ADC
SHA-1: 0x235C651831B519CA7584AAD28D49F7121AF85927

(not available)

%Temp%\35.exe

24,576 bytes

MD5: 0x75D594907A3C9ADE14CD86C376654315
SHA-1: 0x60C19B64E9F96D2D2A92EBF0AA49CFFABD2511A2

(not available)

%Temp%\36.exe

20,480 bytes

MD5: 0xE76EF853447F80817F53801C4DFB40A1
SHA-1: 0x3D6A1CFF6A758B2675EB2B30B758AE0F54160F2D

Mal/EncPk-ZC [Sophos]

%Temp%\37.exe

37,376 bytes

MD5: 0x60970149CDA929435A5B2AFC4FFF144D
SHA-1: 0xB627AB29E6F8F1D83696DAA8718A368D3F684E1B

(not available)

[file and pathname of the sample #1]

153,747 bytes

MD5: 0xA149B394E84F5739EC274B5A789A7DE0
SHA-1: 0xBF318C3FBFC5BE169111252250C05F4710DA7B3E

Trojan-PWS.Win32.Gamec

[Ikarus]

Note:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Memory Modifications

There were new processes created in the system:

Process Name

Process Filename

Main Module Size

37.exe

%Temp%\37.exe

126,976 bytes

31.exe

%Temp%\31.exe

77,824 bytes

32.exe

%Temp%\32.exe

77,824 bytes

33.exe

%Temp%\33.exe

212,992 bytes

36.exe

%Temp%\36.exe

57,344 bytes

34.exe

%Temp%\34.exe

N/A

35.exe

%Temp%\35.exe

N/A

Registry Modifications

The following Registry Key was created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD

The newly created Registry Value is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MCD]

Enable = 0x00000001
SwapSync = 0x00000001
Palettized Formats = 0x00000001
IO Priority = 0x00000000
Use Generic Stencil = 0x00000001
Enumerate as ICD = 0x00000000

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Submission Summary:

Technical Details: