29 Aug 12, 11:23PM
I put some Trojan/Win32.Chifrax.gen in my coffee grinder...
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment.
A malicious backdoor trojan that runs in the background and allows remote access to the compromised system.
File System Modifications
The following files were created in the system:
# | Filename(s) | File Size | File Hash | Alias
1 | %Windir%\555555.exe | 426,184 bytes | MD5: 0x1E89B1A2446C9BD5B0AC35CFEB60469D; SHA-1: 0x829C28062137F4F14F1989949F59C4A4AF215AE4 | Backdoor.Bifrose!gen; Trojan-Dropper.Win32.VB.ahht; Mal/Buzus-E; VirTool:Win32/VBInject.gen!CI; Virus.Win32.VB
2 | [file and pathname of the sample #1] | 505,977 bytes | MD5: 0xF73AD858D5441F27F4FC69CD471A7C5E; SHA-1: 0x9248972AD45E9DC62111CDE985D861C21CEC718E | Trojan.Win32.Chifrax.cmb
Memory Modifications
There were new processes created in the system:
Process Name | Process Filename | Main Module Size
[filename of the sample #1] | [file and pathname of the sample #1] | 147,456 bytes
555555.exe | %Windir%\555555.exe | 425,984 bytes
Registry Modifications
The following Registry Key was created:
HKEY_CURRENT_USER\Software\WinRAR SFX
The newly created Registry Value is:
[HKEY_CURRENT_USER\Software\WinRAR SFX]
C%%Windows = "C:\Windows"
Other details
To mark the presence in the system, the following Mutex objects were created:
_SHuassist.mtx
_x_X_UPDATE_X_x_
_x_X_PASSWORDLIST_X_x_
_x_X_BLOCKMOUSE_X_x_
Now my coffee tastes like goat pee.