Submission Summary:

What's been found | Severity Level
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).

 

Technical Details:

 

File System Modifications

# | Filename(s) | File Size | File Hash | Alias

1. Filename: %Windir%\inf\asynceql.inf
   File Size: 10,092 bytes
   MD5: 0xB43E3086A33709C334104A24AF08F053
   SHA-1: 0xA9FB54975BD274D7C2636BB9F015EEE14C30C1D0
   Alias: (not available)

2. Filename: %Windir%\Media\joys.cpl
   File Size: 424,960 bytes
   MD5: 0x6750256C271E174FBDB7D9B7DF4C08E3
   SHA-1: 0x462F8BC3568958255728561EF6F8477952D1EA07
   Alias: packed with UPX [Kaspersky Lab]

3. Filename: %Windir%\Media\lsass.cpl
   File Size: 488,448 bytes
   MD5: 0xBDF9142CCBD374BC70694A3A921F108B
   SHA-1: 0xDC125F6FD0E7AB9983972897B7AA6CDD86F3FD96
   Alias: Suspect-AB!BDF9142CCBD3 [McAfee]
          Mal/Banker-U, Mal/Banker-U [Sophos]
          packed with UPX [Kaspersky Lab]

4. Filename: %Windir%\system\mkp.dll
   File Size: 5 bytes
   MD5: 0x943849A7F0653DA1A4CD3857250C48D8
   SHA-1: 0x818712F83358DF20001A2445B90E4B908631CB00
   Alias: (not available)

5. Filename: %System%\javan.dll
   File Size: 1,424,896 bytes
   MD5: 0xD97C269C7DE03BCACAF44378303AD779
   SHA-1: 0xE9F711A3BE90337E0B7FD7CC2E0548FE53712DD1
   Alias: Trojan-Downloader.Win32.Banload [Ikarus]
          packed with UPX [Kaspersky Lab]

6. Filename: [file and pathname of the sample #1]
   File Size: 129,087 bytes
   MD5: 0xFDA3B43FEBDA04EDAD0C8BCB456734BF
   SHA-1: 0xFC66F62FB35732E64B4F771AC93D60D3F1FD4F98
   Alias: packed with PE_Patch [Kaspersky Lab]

 

Registry Modifications

 

Other details

Brazil

Remote Host | Port Number
187.45.214.13880

 

 


Copyright © 2014 ThreatExpert. All rights reserved.