ShadowGriefing

Trojan

Sep 7th, 2012
Threat name: CRDF.Trojan.Trojan.Win32.Yoddos94159864
File size: 215 kB (219 749 Bytes)
MD5 Signature: d47e1f8d4331b4772d4fab7326b70521
SHA1 Signature: ac02f52d0e3f09dafa4cebc9ba2e92d07b05e14c
SHA256 Signature: 70187342995ad75a0d76206db5ce29c24d431642249605307d57785a10140d45
Threat Status: Threat confirmed
Reputation: 66 %
Date added: Friday 24 August 2012 at 07:02:17

Program Content

TrID/32 - File Identifier v2.00/Linux - (C) 2003-06 By M.Pontello
Definitions found: 4035
Analyzing...

Collecting data from file: /home/crdf-network/threatcenter/tmp.virus/649498041.malware.sample
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)

File disassembler

Information not available for this threat.
Report detection of virus (VirusTotal)

ENGINE | RESULT
nProtect | Trojan/W32.Agent.219749
CAT-QuickHeal | Nothing FOUND
McAfee | Generic.dx!bfnf
K7AntiVirus | Trojan
TheHacker | Trojan/Jorik.Yoddos.oa
VirusBuster | Nothing FOUND
F-Prot | Nothing FOUND
Norman | W32/Agent.AEIQP
TotalDefense | Nothing FOUND
TrendMicro-HouseCall | TROJ_GEN.R47CDHL
Avast | Win32:Malware-gen
eSafe | Nothing FOUND
ClamAV | Nothing FOUND
Kaspersky | Trojan.Win32.Jorik.Yoddos.oa
BitDefender | Trojan.Agent.AVXV
SUPERAntiSpyware | Nothing FOUND
Emsisoft | Trojan.Win32.Yoddos!IK
Comodo | UnclassifiedMalware
F-Secure | Trojan.Agent.AVXV
DrWeb | Nothing FOUND
AntiVir | TR/Yoddos.C.1
TrendMicro | TROJ_GEN.R47CDHL
McAfee-GW-Edition | Generic.dx!bfnf
Sophos | Nothing FOUND
Jiangmin | Heur:Worm/Mydoom
Antiy-AVL | Trojan/Win32.Jorik.gen
Microsoft | Trojan:Win32/Yoddos.C
ViRobot | Nothing FOUND
GData | Trojan.Agent.AVXV
Commtouch | Nothing FOUND
AhnLab-V3 | Trojan/Win32.Jorik
VBA32 | TScope.Malware-Cryptor.SB.gen
PCTools | Trojan.Gen
ESET-NOD32 | Win32/Agent.PDD
Rising | Nothing FOUND
Ikarus | Nothing FOUND
Fortinet | W32/Jorik_Yoddos.OA!tr
AVG | Generic28.CEDS
Panda | Trj/Resdec.c
CRDF Anti Malware | CRDF.Trojan.Trojan.Win32.Yoddos94159864
Sandbox report (Comodo SandBox)

* File Info

NAME | VALUE
Size | 219749
MD5 | d47e1f8d4331b4772d4fab7326b70521
SHA1 | ac02f52d0e3f09dafa4cebc9ba2e92d07b05e14c
SHA256 | 70187342995ad75a0d76206db5ce29c24d431642249605307d57785a10140d45
Process | Exited

* Keys Created

* Keys Changed

* Keys Deleted

* Values Created

* Values Changed

NAME | TYPE (before/after) | SIZE (before/after) | VALUE (before/after)
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | REG_BINARY/REG_BINARY | 56/56 | ?/?
LM\Software\Microsoft\DrWatson\NumberOfCrashes | REG_DWORD/REG_DWORD | 4/4 | 0x0/0x1

* Values Deleted

* Directories Created

NAME | LAST WRITE TIME | CREATION TIME | LAST ACCESS TIME | ATTR
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson | 2009.01.09 10:37:29.796 | 2009.01.09 10:37:29.578 | 2009.01.09 10:37:29.796 | 0x10
C:\Program Files\7rar | 2009.01.09 10:37:26.000 | 2009.01.09 10:37:26.000 | 2009.01.09 10:37:26.000 | 0x10

* Directories Changed

* Directories Deleted

* Files Created

NAME | SIZE | LAST WRITE TIME | CREATION TIME | LAST ACCESS TIME | ATTR
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log | 36682 | 2009.01.09 10:37:30.140 | 2009.01.09 10:37:29.578 | 2009.01.09 10:37:29.578 | 0x20
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp | 20044 | 2009.01.09 10:37:29.984 | 2009.01.09 10:37:29.796 | 2009.01.09 10:37:29.796 | 0x20

* Files Changed

NAME | SIZE (before/after) | LAST WRITE TIME (before/after) | CREATION TIME (before/after) | LAST ACCESS TIME (before/after) | ATTR (before/after)
C:\WINDOWS\system32\config\AppEvent.Evt | 65536/131072 | 2009.01.09 10:22:47.250/2009.01.09 10:37:29.781 | 2008.08.01 08:01:10.703/2008.08.01 08:01:10.703 | 2008.08.08 10:20:18.234/2008.08.08 10:20:18.234 | 0x20/0x20

* Files Deleted

* Directories Hidden

* Files Hidden

* Drivers Loaded

* Drivers Unloaded

* Processes Created

* Processes Terminated

* Threads Created

PID | PROCESS NAME | TID | START | START MEM | WIN32 START | WIN32 START MEM
0x2b0 | lsass.exe | 0x674 | 0x7c810856 | MEM_IMAGE | 0x75738e06 | MEM_IMAGE
0x2b0 | lsass.exe | 0x6ac | 0x7c810856 | MEM_IMAGE | 0x77e76bf0 | MEM_IMAGE
0x424 | svchost.exe | 0x5d0 | 0x7c810856 | MEM_IMAGE | 0x77df9981 | MEM_IMAGE

* Modules Loaded

* Windows Api Calls

* DNS Queries

DNS QUERY TEXT
howsdk.com IN A +
back.darkshellnew.com IN A +

* HTTP Queries

HTTP QUERY TEXT
back.darkshellnew.com GET /down.txt HTTP/1.1

* Verdict

AUTO ANALYSIS VERDICT
Undetected

* Mutexes Created Or Opened

PID | IMAGE NAME | ADDRESS | MUTEX NAME
0x4ac | C:\TEST\sample.exe | 0x76ee3a34 | RasPbFile
0x4ac | C:\TEST\sample.exe | 0x771ba3ae | _!MSFTHISTORY!_
0x4ac | C:\TEST\sample.exe | 0x771bc21c | WininetConnectionMutex
0x4ac | C:\TEST\sample.exe | 0x771bc23d | WininetProxyRegistryMutex
0x4ac | C:\TEST\sample.exe | 0x771bc2dd | WininetStartupMutex
0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!cookies!
0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!local settings!history!history.ie5!
0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!local settings!temporary internet files!content.ie5!
0x4ac | C:\TEST\sample.exe | 0x7c859add | DBWinMutex
0x4ac | C:\TEST\sample.exe | 0x9a3677 | howsdk.com:2012

* Events Created Or Opened

PID | IMAGE NAME | ADDRESS | EVENT NAME
0x4ac | C:\TEST\sample.exe | 0x769c4ec2 | Global\userenv: User Profile setup event
0x4ac | C:\TEST\sample.exe | 0x77a89422 | Global\crypt32LogoffEvent
0x4ac | C:\TEST\sample.exe | 0x77de5f48 | Global\SvcctrlStartEvent_A3752DX
0x768 | C:\WINDOWS\system32\drwtsn32.exe | 0x6d626725 | DbgEngEvent_00000768