- Threat name: CRDF.Trojan.Trojan.Win32.Yoddos94159864
- File size: 215 kB (219 749 Bytes)
- MD5 Signature: d47e1f8d4331b4772d4fab7326b70521
- SHA1 Signature: ac02f52d0e3f09dafa4cebc9ba2e92d07b05e14c
- SHA256 Signature: 70187342995ad75a0d76206db5ce29c24d431642249605307d57785a10140d45
- Threat Status: Threat confirmed
- Reputation: 66 %
- Date added: Friday 24 August 2012 at 07:02:17
- Program Content
- TrID/32 - File Identifier v2.00/Linux - (C) 2003-06 By M.Pontello
- Definitions found: 4035
- Analyzing...
- Collecting data from file: /home/crdf-network/threatcenter/tmp.virus/649498041.malware.sample
- 60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
- 16.6% (.EXE) Win32 Executable Generic (8527/13/3)
- 14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
- 3.9% (.EXE) Generic Win/DOS Executable (2002/3)
- 3.8% (.EXE) DOS Executable Generic (2000/1)
- File disassembler
- Information not available for this threat.
- Report detection of virus (VirusTotal)
- nProtect Trojan/W32.Agent.219749
- CAT-QuickHeal Nothing FOUND
- McAfee Generic.dx!bfnf
- K7AntiVirus Trojan
- TheHacker Trojan/Jorik.Yoddos.oa
- VirusBuster Nothing FOUND
- F-Prot Nothing FOUND
- Norman W32/Agent.AEIQP
- TotalDefense Nothing FOUND
- TrendMicro-HouseCall TROJ_GEN.R47CDHL
- Avast Win32:Malware-gen
- eSafe Nothing FOUND
- ClamAV Nothing FOUND
- Kaspersky Trojan.Win32.Jorik.Yoddos.oa
- BitDefender Trojan.Agent.AVXV
- SUPERAntiSpyware Nothing FOUND
- Emsisoft Trojan.Win32.Yoddos!IK
- Comodo UnclassifiedMalware
- F-Secure Trojan.Agent.AVXV
- DrWeb Nothing FOUND
- AntiVir TR/Yoddos.C.1
- TrendMicro TROJ_GEN.R47CDHL
- McAfee-GW-Edition Generic.dx!bfnf
- Sophos Nothing FOUND
- Jiangmin Heur:Worm/Mydoom
- Antiy-AVL Trojan/Win32.Jorik.gen
- Microsoft Trojan:Win32/Yoddos.C
- ViRobot Nothing FOUND
- GData Trojan.Agent.AVXV
- Commtouch Nothing FOUND
- AhnLab-V3 Trojan/Win32.Jorik
- VBA32 TScope.Malware-Cryptor.SB.gen
- PCTools Trojan.Gen
- ESET-NOD32 Win32/Agent.PDD
- Rising Nothing FOUND
- Ikarus Nothing FOUND
- Fortinet W32/Jorik_Yoddos.OA!tr
- AVG Generic28.CEDS
- Panda Trj/Resdec.c
- CRDF Anti Malware CRDF.Trojan.Trojan.Win32.Yoddos94159864
- Sandbox report (Comodo SandBox)
- * File Info
| NAME | VALUE |
|---|---|
| Size | 219749 |
| MD5 | d47e1f8d4331b4772d4fab7326b70521 |
| SHA1 | ac02f52d0e3f09dafa4cebc9ba2e92d07b05e14c |
| SHA256 | 70187342995ad75a0d76206db5ce29c24d431642249605307d57785a10140d45 |
| Process | Exited |
- * Keys Created
- * Keys Changed
- * Keys Deleted
- * Values Created
- * Values Changed
| NAME | TYPE (old/new) | SIZE (old/new) | VALUE (old/new) |
|---|---|---|---|
| CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings | REG_BINARY/REG_BINARY | 56/56 | ?/? |
| LM\Software\Microsoft\DrWatson\NumberOfCrashes | REG_DWORD/REG_DWORD | 4/4 | 0x0/0x1 |
- * Values Deleted
- * Directories Created
| NAME | LAST WRITE TIME | CREATION TIME | LAST ACCESS TIME | ATTR |
|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson | 2009.01.09 10:37:29.796 | 2009.01.09 10:37:29.578 | 2009.01.09 10:37:29.796 | 0x10 |
| C:\Program Files\7rar | 2009.01.09 10:37:26.000 | 2009.01.09 10:37:26.000 | 2009.01.09 10:37:26.000 | 0x10 |
- * Directories Changed
- * Directories Deleted
- * Files Created
| NAME | SIZE | LAST WRITE TIME | CREATION TIME | LAST ACCESS TIME | ATTR |
|---|---|---|---|---|---|
| C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log | 36682 | 2009.01.09 10:37:30.140 | 2009.01.09 10:37:29.578 | 2009.01.09 10:37:29.578 | 0x20 |
| C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp | 20044 | 2009.01.09 10:37:29.984 | 2009.01.09 10:37:29.796 | 2009.01.09 10:37:29.796 | 0x20 |
- * Files Changed
| NAME | SIZE (old/new) | LAST WRITE TIME (old/new) | CREATION TIME (old/new) | LAST ACCESS TIME (old/new) | ATTR (old/new) |
|---|---|---|---|---|---|
| C:\WINDOWS\system32\config\AppEvent.Evt | 65536/131072 | 2009.01.09 10:22:47.250/2009.01.09 10:37:29.781 | 2008.08.01 08:01:10.703/2008.08.01 08:01:10.703 | 2008.08.08 10:20:18.234/2008.08.08 10:20:18.234 | 0x20/0x20 |
- * Files Deleted
- * Directories Hidden
- * Files Hidden
- * Drivers Loaded
- * Drivers Unloaded
- * Processes Created
- * Processes Terminated
- * Threads Created
| PID | PROCESS NAME | TID | START | START MEM | WIN32 START | WIN32 START MEM |
|---|---|---|---|---|---|---|
| 0x2b0 | lsass.exe | 0x674 | 0x7c810856 | MEM_IMAGE | 0x75738e06 | MEM_IMAGE |
| 0x2b0 | lsass.exe | 0x6ac | 0x7c810856 | MEM_IMAGE | 0x77e76bf0 | MEM_IMAGE |
| 0x424 | svchost.exe | 0x5d0 | 0x7c810856 | MEM_IMAGE | 0x77df9981 | MEM_IMAGE |
- * Modules Loaded
- * Windows Api Calls
- * DNS Queries
- DNS QUERY TEXT
- howsdk.com IN A +
- back.darkshellnew.com IN A +
- * HTTP Queries
- HTTP QUERY TEXT
- back.darkshellnew.com GET /down.txt HTTP/1.1
- * Verdict
- AUTO ANALYSIS VERDICT
- Undetected
- * Mutexes Created Or Opened
| PID | IMAGE NAME | ADDRESS | MUTEX NAME |
|---|---|---|---|
| 0x4ac | C:\TEST\sample.exe | 0x76ee3a34 | RasPbFile |
| 0x4ac | C:\TEST\sample.exe | 0x771ba3ae | _!MSFTHISTORY!_ |
| 0x4ac | C:\TEST\sample.exe | 0x771bc21c | WininetConnectionMutex |
| 0x4ac | C:\TEST\sample.exe | 0x771bc23d | WininetProxyRegistryMutex |
| 0x4ac | C:\TEST\sample.exe | 0x771bc2dd | WininetStartupMutex |
| 0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!cookies! |
| 0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!local settings!history!history.ie5! |
| 0x4ac | C:\TEST\sample.exe | 0x771d9710 | c:!documents and settings!user!local settings!temporary internet files!content.ie5! |
| 0x4ac | C:\TEST\sample.exe | 0x7c859add | DBWinMutex |
| 0x4ac | C:\TEST\sample.exe | 0x9a3677 | howsdk.com:2012 |
- * Events Created Or Opened
| PID | IMAGE NAME | ADDRESS | EVENT NAME |
|---|---|---|---|
| 0x4ac | C:\TEST\sample.exe | 0x769c4ec2 | Global\userenv: User Profile setup event |
| 0x4ac | C:\TEST\sample.exe | 0x77a89422 | Global\crypt32LogoffEvent |
| 0x4ac | C:\TEST\sample.exe | 0x77de5f48 | Global\SvcctrlStartEvent_A3752DX |
| 0x768 | C:\WINDOWS\system32\drwtsn32.exe | 0x6d626725 | DbgEngEvent_00000768 |