Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk.

 

Technical Details:


 

Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment

 

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %Temp%\7z.dll 914,432 bytes MD5: 0x04AD4B80880B32C94BE8D0886482C774
SHA-1: 0x344FAF61C3EB76F4A2FB6452E83ED16C9CCE73E0
(not available)
2 %Temp%\archive.xml 480 bytes MD5: 0xD17A957E3C48990630678F90983FE96A
SHA-1: 0x3DFC3C5151E1B72F1BE7889FD18C3DEA84EDCED5
(not available)
3 %Temp%\html\images\bramus\percentImage.gif 151 bytes MD5: 0x9D0E6FCB4838CF593ED52C8763403332
SHA-1: 0x93D8545FF61D704EC50DB26114376DF777B634A0
(not available)
4 %Temp%\html\images\bramus\percentImage.png 190 bytes MD5: 0x8109CA2AEC3E610DF122E15643C0BB94
SHA-1: 0x519EBADA72A057D3E786B1094FFB319239F8C8C7
(not available)
5 %Temp%\html\images\bramus\percentImage_back.png 533 bytes MD5: 0x4BF93BB179BBA35F7ACFC7920780B7B1
SHA-1: 0x15F666F36A30036D9C5C58E5E9FD32B3A4E0525A
(not available)
6 %Temp%\html\images\btn-bg-active.png 182 bytes MD5: 0xBFBC256B34B2EAC3039D6C0AE3127597
SHA-1: 0xB16D8414B66A385984A54124CF9B8418C16F59F3
(not available)
7 %Temp%\html\images\btn-bg.png 187 bytes MD5: 0xDF6389F4676A99C481CBBAED9D0179FE
SHA-1: 0xF386F5FD4BBAB6FE738230B4A02066FE649F7AA1
(not available)
8 %Temp%\html\images\icons\add.gif 990 bytes MD5: 0x108619AA8A5B363CBDDA706ECCDDEC8C
SHA-1: 0xE3C450068C7ECA3A19B535D5C677C5F2D7415B17
(not available)
9 %Temp%\html\images\icons\empty.gif 963 bytes MD5: 0x046F216FCE5148F91AE13688BDD21484
SHA-1: 0x103C7B8A083BC4745EE69667D1A74D297D0F7978
(not available)
10 %Temp%\html\images\icons\fill.gif 1,003 bytes MD5: 0xF31AB043C890A60BFFFE115E2AE83DE2
SHA-1: 0xE0C46F2ECAFAA7F65757D942C3743240F32FA5ED
(not available)
11 %Temp%\html\images\icons\get.gif 991 bytes MD5: 0xFD8582BB764C43FBF261DFD2FE71E77C
SHA-1: 0x40145DDBBCD05CA2F25DF5F32DBAC6A3EE55B9B3
(not available)
12 %Temp%\html\images\icons\minus.gif 991 bytes MD5: 0xF983A4988C7DF406794FA17F5D235B61
SHA-1: 0xFD8267A00666D47854958B7B61DB51AE71C577FC
(not available)
13 %Temp%\html\images\icons\set.gif 1,006 bytes MD5: 0x81B7C8A9025E4BBCCCA689AA331E4221
SHA-1: 0x23D35C36EA84CD36D10517DD62CE2B21E62CD100
(not available)
14 %Temp%\html\images\loading.gif 4,046 bytes MD5: 0x91866A46200C4A5AD3711A3C6DAC57C8
SHA-1: 0xC0B5F98EBAFE13762C2EB84892FF7318840458B8
(not available)
15 %Temp%\html\images\loading3.gif 5,886 bytes MD5: 0xC33734A1BF58BEC328FFA27872E96AE1
SHA-1: 0x2BB50E01775289C24BF71D4F3E696B46925F20A3
(not available)
16 %Temp%\html\images\windows.png 5,076 bytes MD5: 0x2394E0DD25D41F212B377BD693D3B79B
SHA-1: 0xCE2F08ECE3E0D44241A66FED9058AA965DF03C40
(not available)
17 %Temp%\html\images\windows2.png 5,964 bytes MD5: 0x7BE48B789473444C585662BFA2043B99
SHA-1: 0x4A51C13B82ECEE994ECA1AE524F8E71A983C7D07
(not available)
18 %Temp%\html\js\bramus\jsProgressBarHandler.js 16,875 bytes MD5: 0xD645BC10D1D3209E03495BA67D167757
SHA-1: 0x1EA1C520251538032952825E11C55519A039189E
(not available)
19 %Temp%\html\js\jquery.js 85,925 bytes MD5: 0xE85AED5C30D734F1E30646E030D7A817
SHA-1: 0xB8DCAA1C866905C0BDB0B70C8E564FF1C3FE27AD
(not available)
20 %Temp%\html\js\mask.js 3,343 bytes MD5: 0x8AC5015164E111D6AEC48B1C72F18A02
SHA-1: 0x5E6D98449520CA0FCC812701B7B5CAFFE2B88FE3
(not available)
21 %Temp%\html\js\prototype\prototype.js 126,127 bytes MD5: 0xD3A5B20D5368C1BCABE655B57B52D097
SHA-1: 0x015CF89260F3E8F0B86F5A17558125C933692989
(not available)
22 %Temp%\html\lic.html 2,144 bytes MD5: 0xF2CD888865303BB8692DFCECFFBB89A2
SHA-1: 0x9778CE2561B8913A9297E3F83FDDDC526B5C7981
(not available)
23 %Temp%\html\page.html 1,498 bytes MD5: 0x906159B5A7C63BADD7B8413D2B41F93D
SHA-1: 0x1DDD6DDF7BF02D242FD98C9A1FF43770E05EF0BF
(not available)
24 %Temp%\html\page2.html 1,166 bytes MD5: 0xFAF3AC44C32A4282488EB019834D9846
SHA-1: 0xFDD4EA6EF678316C01096733E974DE57E92C822E
(not available)
25 %Temp%\html\page21.html 1,527 bytes MD5: 0x374A3ED79460F9E97F93109F40781DD2
SHA-1: 0x54FDA3047F51CE0C734EEB5A6949182166437A0F
(not available)
26 %Temp%\html\page25.html 1,526 bytes MD5: 0x29D60B819177FCC16CB988BF4460D14F
SHA-1: 0xC4A2D9E15DD79ADBADC6870280A17A15AF0D03E5
(not available)
27 %Temp%\html\page26.html 1,789 bytes MD5: 0x3FA52222B184F74ECB11647B0618AD3E
SHA-1: 0xAC876127EAC55B9376875CF3682FB57E7B0BA6BE
(not available)
28 %Temp%\html\page3.html 1,463 bytes MD5: 0x2685B66769604B9D762D43AEE306BFF2
SHA-1: 0x4BDB6ADD493B12A5CA165833D29CD6ED8555AE61
(not available)
29 %Temp%\html\page4.html 3,122 bytes MD5: 0x2CE3980705AAF69792FF867E57FCE35C
SHA-1: 0x29514183DDFBE13FEC423FD2E7CCB038EDF15F00
(not available)
30 %Temp%\html\style.css 1,621 bytes MD5: 0x9FC622E74BFCC010061ADF1E5EB72819
SHA-1: 0x6DEEF7D4E573741509116F955BE55839E6DE513A
(not available)
31 %Temp%\html\style2.css 1,624 bytes MD5: 0x863523EC3DC86DC7F3A9ADEAC0245186
SHA-1: 0x0743B5149A09657396622470DBD9749ABB1A2F77
(not available)
32 %Temp%\html.zip 97,514 bytes MD5: 0x2CAF62DCC8F1BEDE3D5B08B262055B3D
SHA-1: 0x5F04AB909E24B33320F8BF40E849C2D4FF1C407F
(not available)
33 %Temp%\icon 136,606 bytes MD5: 0x6F7C17B7B442E4CD2D892B87AE8DC017
SHA-1: 0x04BE440854804D2DC7805A53F6C5CECE4310E58D
(not available)
34 %Temp%\[filename of the sample #1] 3,305,785 bytes MD5: 0x5A5BB5CA0507F0D07BFE0E946D8C7EA7
SHA-1: 0x4BF97F19A8136D93D2A1A55E133D73BB483C4C70
Hoax.MSIL.ArchSMS.ngr [Kaspersky Lab]
Program:MSIL/Pameseg.AC [Microsoft]
Hoax.MSIL [Ikarus]
35 [file and pathname of the sample #1] 3,610,847 bytes MD5: 0xDFDB8533A89B82B62960CD3B193E4F67
SHA-1: 0x4CF92C3DAD1CD5A860A741F9500AD1513884449F
Trojan.Gen [Symantec]
Hoax.MSIL.ArchSMS.nfv [Kaspersky Lab]
Trojan.Win32.SMSSend [Ikarus]

 

Memory Modifications

Process Name | Process Filename | Main Module Size
[filename of the sample #1] | %Temp%\[filename of the sample #1] | N/A

 

Other details

 

 


Copyright © 2013 ThreatExpert. All rights reserved.