13.09.2012, 06:08
Malware info:
SHA256: 121ebf11bb1bcb77b6e6cb2fedbf1631db55f5782d5304e3413014cab84f343f
SHA1: a53efd642f191be492e3ea27f74f34ce12daa80b
MD5: da9e23912e82eaa865527cdaebef49e5
File size: 93.0 KB ( 95232 bytes )
VT info (21/42):
Changes in the system:
- Registry Key:
HKCU\Software\Microsoft\Command Processor\AutoRun: ""C:\Documents and Settings\Administrator\Local Settings\Application Data\byshcdzyuhso.exe""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "Explorer.exe, %Appdata%\byshcdzyuhso"
- Files:
%Appdata%\byshcdzyuhso.exe
%Local Appdata%\byshcdzyuhso.exe
%Temp%\1.tmp\img\bg.jpg
%Temp%\1.tmp\img\button.png
%Temp%\1.tmp\img\logo1.png
%Temp%\1.tmp\index.hta
%Temp%\1.tmp\index2.hta
%Temp%\3.tmp\img\bg.jpg
%Temp%\3.tmp\img\button.png
%Temp%\3.tmp\img\logo1.png
%Temp%\3.tmp\index.hta
%Temp%\3.tmp\index2.hta
%Common Appdata%\byshcdzyuhso.exe