| What's been found | Severity Level |
| Contains characteristics of an identified security risk. | |
| Possible Security Risk |
| Threat Category | Description |
| | A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment |
| | A virus capable of modifying other files by infecting, prepending, or overwriting them with its own body |
| File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %Temp%\1.exe | 28,672 bytes | MD5: 0xFD91CD31EC75E1C74BA99EDFE22F3ACE SHA-1: 0x0044A3BEE99382934AA711DF3AE504F350FE125F | Mal/KeyGen-W [Sophos]; Trojan.Win32.Agent [Ikarus]; packed with UPX [Kaspersky Lab] |
| 2 | %Temp%\10.exe | 1,748,992 bytes | MD5: 0xF9A36E2A6C9D198DB443FBB0DAD10EDB SHA-1: 0xF32C01F967FD50B113B47679A4B36D67347E53D2 | (not available) |
| 3 | %Temp%\2.exe | 68,608 bytes | MD5: 0xE3D8B92C8520CFF0AE054F6F88C6C2FE SHA-1: 0x1B3C3225842685543DBBF3B825759231095E8E73 | (not available) |
| 4 | %Temp%\3.exe | 344,576 bytes | MD5: 0x6FF823A9B0E9BA9479F8E55CC1BB4B36 SHA-1: 0x430F5D84F1D2FA6E5FE5E1B9958EE16F336B65B3 | Trojan.Gen.2 [Symantec]; Troj/QPatch-A [Sophos]; Trojan.SuspectCRC [Ikarus] |
| 5 | %Temp%\4.exe | 146,944 bytes | MD5: 0xDB96016B0E2567F4C569785EA94DC3A6 SHA-1: 0x9B828A596D6A7A88A77B3F0041D2A446049A6100 | Mal/Behav-053 [Sophos]; Virus.Win32.Agent.YOR [Ikarus] |
| 6 | %Temp%\5.exe | 71,680 bytes | MD5: 0xF6199F146D9C7C20D3B5474A147E0044 SHA-1: 0xABA429E9234AA4DA77208977BF8C43A852CB4311 | Mal/KeyGen-W [Sophos]; Trojan.SuspectCRC [Ikarus] |
| 7 | %Temp%\6.exe | 332,800 bytes | MD5: 0x96B6D7DAB7E51048F6C319DBDC94D05D SHA-1: 0x77E2F6CD550BDB0DB0BFDA018BD3F1F4CC42C11D | W32.Sality.AE [Symantec]; W32/Sality.gen [McAfee]; PE_SALITY.BU [Trend Micro]; Mal/Sality-B [Sophos]; Virus.Win32.Sality [Ikarus] |
| 8 | %Temp%\7.exe | 56,832 bytes | MD5: 0xFDADA0D81943D60B8C6768F5105107CA SHA-1: 0xCCE5AAC3E8DB79B3DB3D01E5846C57F130AFAA0D | Mal/Packer [Sophos] |
| 9 | %Temp%\8.exe | 1,629,636 bytes | MD5: 0x5F51E02EE049FB17FA304AEF3BA59EA2 SHA-1: 0xCA7FB456296564E9ECA5BA3A2B3410D2A8AAF8F4 | (not available) |
| 10 | %Temp%\9.exe | 23,552 bytes | MD5: 0x3289078A7CC377A924B274BC87DC9056 SHA-1: 0xAFDC3FC1CB85EBD667A07CD58D1B3415F3B6A0EE | packed with UPX [Kaspersky Lab] |
| 11 | %Temp%\Acknowledge -BRK-.FON | 3,552 bytes | MD5: 0xBDB01B6410847CD7FD73391A36CF8696 SHA-1: 0x2236374097E671917AB813CCBF48B15AE0B6FDFB | (not available) |
| 12 | %Temp%\bassmod.dll | 9,728 bytes | MD5: 0x780D14604D49E3C634200C523DEF8351 SHA-1: 0xE208EF6F421D2260070A9222F1F918F1DE0A8EEB | (not available) |
| 13 | [file and pathname of the sample #1] | 3,105,572 bytes | MD5: 0xDF638361415566BC86623F8D41E8C06B SHA-1: 0xCBE400678074FE8CA8DABCBAA1E1DFBD5205BD75 | Virus.Win32.Sality.aa [Kaspersky Lab]; Trojan.SuspectCRC [Ikarus] |
| Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| 6.exe | %Temp%\6.exe | 851,968 bytes |
| 7.exe | %Temp%\7.exe | 73,728 bytes |
| 9.exe | %Temp%\9.exe | 73,728 bytes |
| 1.exe | %Temp%\1.exe | 90,112 bytes |
| 2.exe | %Temp%\2.exe | 266,240 bytes |
| 3.exe | %Temp%\3.exe | 1,458,176 bytes |
| 5.exe | %Temp%\5.exe | 143,360 bytes |
| 8.exe | %Temp%\8.exe | 401,408 bytes |
| Registry Modifications |
| Other details |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
Copyright © 2013 ThreatExpert. All rights reserved.