27.04.2012, 16:56
Malware info:
SHA256: c8c45593575f844cf7a711046a56f3557a8e206e425623cc31f966bdf9ab3fec
SHA1: fdf3bb9f8c23b099ac6e0cf8d1d6e2600d13836b
MD5: 96dffa06c38537d2989824e400cb01bd
File size: 85.3 KB ( 87352 bytes )
VT info (34/42):
Changes in the system:
- Registry Key:
HKLM\Software\Classes\CLSID\{D8D2F841-C4FC-4ADE-731A-56E6D1755624}\InprocServer32\: "%WinDir%\SUGUZEFHWD.dll"
HKLM\Software\Classes\TypeLib\{472A988E-2192-5F11-F0C0-ED3419BB40AB}\1.0\0\win32\: "%WinDir%\SUGUZEFHWD.dll"
HKLM\System\CurrentControlSet\Services\AntediluvianSartorial\ImagePath: "%Program Files%\KernelFantasia\TherapeuticAntediluvian.exe ParchmentFantasia"
- Files:
%Program Files%\AverTherapeutic\AverNebula.exe - random file name (from list)
%Program Files%\KernelFantasia\TherapeuticAntediluvian.exe - random file name (from list)
%WinDir%\SUGUZEFHWD.dll
VT info (29/42):