| Visit ThreatExpert web site | | | Close Report |
[Microsoft] [Ikarus]| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Registers a 32-bit in-process server DLL. | |
| Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module). | |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
| Trojan.Generic |
Common Components that may be used by Trojans Small, DRSN Search, Binet, Euniverse, Adrotator and Dloader among others. |
| Threat Category | Description |
 |
A hacktool that could be used by attackers to break into a system |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\A1.zip | 19,968 bytes | MD5: 0x90AFFACB3C4F110BA63DF2BE93F2E41A SHA-1: 0xA1F071AE9ED951B1EB7EFB040E9CC7204A967E76 |
(not available) |
| 2 | %Temp%\B1.zip | 19,456 bytes | MD5: 0x0B14DFD82A538CF8933435397DBC4925 SHA-1: 0x82AC612BF9A1C832BF75B8FA8D38714E28640A94 |
(not available) |
| 3 | %Temp%\Coor.bat | 151 bytes | MD5: 0x5055D8342408F688ADA50B3BEEBDB365 SHA-1: 0x50DDA9BCC77911C0CBBA1B3B90F0F25D037E117B |
(not available) |
| 4 | %Temp%\fq2BsU8re.dll | 171,008 bytes | MD5: 0xF0DE5116C98587EC1A92C17A2A255B1C SHA-1: 0xD714947421436A828ECCE50CFC60CD34E2E1D804 |
Troj/GamerPWS-B [Sophos] PWS:Win32/OnLineGames.AH [Microsoft]Trojan-GameThief.Win32.OnLineGames [Ikarus] |
| 5 | %Temp%\Jrv8aE.dll | 171,008 bytes | MD5: 0x6D914DAE7FEAFB50FEA06073A7A930A9 SHA-1: 0x02FF3109BCAC04686F843DA29AB229FECD9A5501 |
Troj/GamerPWS-B [Sophos] PWS:Win32/OnLineGames.AH [Microsoft]Trojan-GameThief.Win32.OnLineGames [Ikarus] |
| 6 | %System%\drivers\28253900.sys | 28,192 bytes | MD5: 0x3CE7B94D00E452C5FC0432CDD1563630 SHA-1: 0x347C448AA4E70DC9C2675D0E9DDF1BAC7D32B6C8 |
Hacktool.Rootkit [Symantec] PWS:WinNT/OnLineGames.D [Microsoft] Trojan-PWS.WinNT.OnLineGames [Ikarus] |
| 7 | %System%\moonwr.dll | 143,872 bytes | MD5: 0x54ABD9F1B847F067B89E42ED73851BB4 SHA-1: 0x1556A24161EDC9E33BB3DD7532A4D5FD124A2948 |
PWS:Win32/OnLineGames.AH [Microsoft] |
| 8 | [file and pathname of the sample #1] | 180,224 bytes | MD5: 0xA4A798DB0612FF500472F834340C4069 SHA-1: 0xB323C26E21058AF1D818C3F127527A5BA5BB31AB |
PWS:Win32/OnLineGames.AH [Microsoft] Packed.Win32.Krap [Ikarus]packed with PE_Patch [Kaspersky Lab] |
| 9 |
%System%\uswH2dT
%System%\wshtcpwr.dll |
19,968 bytes | MD5: 0xA7F95A53EE055115DF03588997A47D4D SHA-1: 0x81C4564E21F028A0E968B3FB1822C3485BA46E84 |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 749,568 bytes |
| [generic host process] | [generic host process filename] | 20,480 bytes |
| Module Name | Module Filename | Address Space Details |
| moonwr.dll | %System%\moonwr.dll | Process name: IEXPLORE.EXE Process filename: %ProgramFiles%\internet explorer\iexplore.exe Address space: 0x1090000 - 0x10B5000 |
 | Registry Modifications |
 | Other details |
 |
Republic of Korea |
 |
China |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2013 ThreatExpert. All rights reserved.