Friday, July 6, 2012

C:\$372,580.00.SCR

  Parentname:  C:\WINDOWS\system32\cmd.exe
  Command Line:  "c:\$372,580.00.exe"
  MD5:  de09a9d2a152d2592f585079eb061848
  SHA1: 7502dacc575c497222b1a15070dbb852526a188a

Message:   Startup behavior anomalies observed    Detail:   A new process has been launched
   Imagepath:  C:\$372,580.00.exe   DLL Name:  kernel32


Message:   Cryptographic operations performed    Detail:   Malware performing cryptographic operations
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\"Seed" = 12 90 24 b6 63 1d 08 93 e4 06 fa 4b 3b 37 d6 d2 76 cc ad 5b 61 19 de be 3d 87 dc 45 ce 3a 11 29 52 d3 fd 87 67 37 95 44 0f 54 55 76 b7 21 1d 7f 9d 43 0a 36 01 fe 92 b2 ee 4a ab 12 64 32 f6 43 de f4 3b 69 37 3c f8 ad 7b 79 97 5a 85 d9 ed 2a

Message:   Malware trying to detect the presence of a debugger    Detail:   Debugger awareness detected
   API Name:  IsDebuggerPresent   Address:  0x5ad78a58

Message:   Internet Explorer cookie index read    Detail:   Malware reading IE cookie index
File: Open : C:\Documents and Settings\admin\Cookies\index.dat

Message:   Internet Explorer history index read    Detail:   Malware reading IE history index

Message:   Startup services added    Detail:   Malware adding itself (non-DLL) to windows startup areas
\REGISTRY\USER\S-1-5-21-1409082233-688789844-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"Desktop" = C:\Documents and Settings\admin\Desktop
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"don" = C:\Documents and Settings\All Users\Common Files\don.exe

Message:   New command prompt started    Detail:   Malware starting command prompt
   Command Line:  cmd.exe /c C:\DOCUME~1\admin\LOCALS~1\Temp\slip.jpg

Message:   Tracking Sleep/SleepEx API Call    Detail:   Malware Sleep
Message:   Suspicious Win32 Sleep() call observed    Detail:   Malware calling Win32 Sleep() in a suspicious manner

C:\Program Files\Internet Explorer\IEXPLORE.EXE
  Parentname:  C:\WINDOWS\system32\cmd.exe
  Command Line:  "C:\Program Files\Internet Explorer\iexplore.exe" C:\DOCUME~1\admin\LOCALS~1\Temp\slip.jpg


Message:   Suspicious browser loading    Detail:   Malware suspiciously loading browser via command prompt
Message:   Browser settings tampered    Detail:   Malware modifying browser helper objects
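As an added example (not part of the original report and not a tool from the sandbox vendor), the Python below parses report lines in this "Message: / Detail:" layout into indicators and flags the three behaviours in the trace that are worth triaging first: the HKLM Run key persistence ("don" pointing at Common Files\don.exe), the cmd.exe /c launch of a .jpg, which hands the file to its associated application and is how the decoy image ends up open in Internet Explorer while the payload keeps running, and the IsDebuggerPresent check. The sample input is a trimmed copy of the lines above; the regular expressions, the non-executable extension list and the anti-debug API list are assumptions about the report format, not the sandbox's own schema.

```python
import ntpath
import re

# Sample input: a trimmed copy of the sandbox report lines shown on this page.
SAMPLE_REPORT = r'''
C:\$372,580.00.SCR
  Parentname:  C:\WINDOWS\system32\cmd.exe
  Command Line:  "c:\$372,580.00.exe"
  MD5:  de09a9d2a152d2592f585079eb061848
  SHA1: 7502dacc575c497222b1a15070dbb852526a188a
Message:   Malware trying to detect the presence of a debugger    Detail:   Debugger awareness detected
   API Name:  IsDebuggerPresent   Address:  0x5ad78a58
Message:   Startup services added    Detail:   Malware adding itself (non-DLL) to windows startup areas
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"don" = C:\Documents and Settings\All Users\Common Files\don.exe
Message:   New command prompt started    Detail:   Malware starting command prompt
   Command Line:  cmd.exe /c C:\DOCUME~1\admin\LOCALS~1\Temp\slip.jpg
C:\Program Files\Internet Explorer\IEXPLORE.EXE
  Parentname:  C:\WINDOWS\system32\cmd.exe
  Command Line:  "C:\Program Files\Internet Explorer\iexplore.exe" C:\DOCUME~1\admin\LOCALS~1\Temp\slip.jpg
'''

# Field patterns are assumptions about this report layout, not a vendor schema.
HASH_RE = re.compile(r"\b(MD5|SHA1):\s*([0-9a-fA-F]{32,40})")
RUNKEY_RE = re.compile(
    r'\\REGISTRY\\(?P<hive>MACHINE|USER\\S-[\d-]+)\\Software\\Microsoft\\Windows'
    r'\\CurrentVersion\\(?P<key>Run\w*)\\"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)',
    re.IGNORECASE,
)
CMDLINE_RE = re.compile(r"Command Line:\s*(.+)")
API_RE = re.compile(r"API Name:\s*(\w+)")
# "cmd.exe /c <file>": the file may be quoted (spaces) or bare (8.3 short path).
DECOY_RE = re.compile(r'\bcmd(?:\.exe)?\s+/c\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Assumed lists: document/image types that cmd.exe hands off to a viewer, and
# the debugger-detection APIs to treat as anti-analysis.
NON_EXEC_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".txt", ".rtf"}
ANTI_DEBUG_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess"}


def extract_iocs(report):
    """Pull hashes, Run-key persistence entries, command lines and API names out of a report."""
    iocs = {"hashes": {}, "run_keys": [], "command_lines": [], "apis": []}
    for line in report.splitlines():
        m = HASH_RE.search(line)
        if m:
            iocs["hashes"][m.group(1).upper()] = m.group(2).lower()
        m = RUNKEY_RE.search(line)
        if m:
            iocs["run_keys"].append(
                (m.group("hive"), m.group("key"), m.group("name"), m.group("value").strip())
            )
        m = CMDLINE_RE.search(line)
        if m:
            iocs["command_lines"].append(m.group(1).strip())
        m = API_RE.search(line)
        if m:
            iocs["apis"].append(m.group(1))
    return iocs


def flag_behaviors(iocs):
    """Turn the extracted fields into the findings an analyst would triage first."""
    findings = []
    for hive, key, name, value in iocs["run_keys"]:
        scope = "machine-wide" if hive.upper() == "MACHINE" else "per-user"
        findings.append(f"persistence: {scope} {key} value '{name}' -> {value}")
    for cmd in iocs["command_lines"]:
        m = DECOY_RE.search(cmd)
        if not m:
            continue
        path = m.group(1) or m.group(2)
        # cmd.exe /c on a non-executable hands the file to its associated application;
        # that is how a decoy image gets opened in the browser while the payload runs.
        if ntpath.splitext(path)[1].lower() in NON_EXEC_EXT:
            findings.append(f"decoy: cmd.exe /c opened non-executable {path}")
    for api in iocs["apis"]:
        if api in ANTI_DEBUG_APIS:
            findings.append(f"anti-debug: {api}")
    return findings


if __name__ == "__main__":
    for finding in flag_behaviors(extract_iocs(SAMPLE_REPORT)):
        print(finding)
```

Run it with `python3` to print the three findings; to use it on another sandbox's output, adjust the field patterns at the top, since the rest of the logic only depends on the extracted tuples.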

