#1
Variant 1
Download 1e0219eb (MD5 e40670e6a0ad1c41211f38b92bfe436a) as a password protected archive (contact me if you need the password)
Service
Possible display names and file locations:
ServiceDll: C:\Documents and Settings\NetworkService\1e0219eb.dll
ServiceDll: C:\Documents and Settings\%user%\42ecacd.dll - Virustotal
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1e0219eb
ImagePath: %SystemRoot%\System32\svchost.exe -k "1e0219eb"
File 1e0219eb.dll received on 2010.05.13 16:52:44 (UTC)
http://www.virustotal.com/analisis/75361b610426287685d57fb7e2947f52b1fe740cb6d3f5ac8e9c98fea0b7c7e7-1273769564
Result: 23/41 (56.10%)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.05.10 Trojan.Win32.Agent!IK
AhnLab-V3 2010.05.13.01 2010.05.13 Win-Trojan/Mdmbot.30720
AntiVir 8.2.1.242 2010.05.13 TR/CryptRedol.30720.3
Antiy-AVL 2.0.3.7 2010.05.13 Trojan/Win32.Agent.gen
Avast 4.8.1351.0 2010.05.13 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.13 Win32:Malware-gen
AVG 9.0.0.787 2010.05.13 Agent2.ASUL
BitDefender 7.2 2010.05.13 Trojan.CryptRedol.Gen.3
Comodo 4832 2010.05.13 UnclassifiedMalware
F-Secure 9.0.15370.0 2010.05.13 Trojan.CryptRedol.Gen.3
Fortinet 4.1.133.0 2010.05.13 W32/Agent.DXTO!tr
GData 21 2010.05.13 Trojan.CryptRedol.Gen.3
Ikarus T3.1.1.84.0 2010.05.13 Trojan.Win32.Agent
Kaspersky 7.0.0.125 2010.05.13 Trojan.Win32.Agent.dxto
McAfee-GW-Edition 2010.1 2010.05.13 Artemis!E40670E6A0AD
Microsoft 1.5703 2010.05.13 Backdoor:Win32/Mdmbot.D
nProtect 2010-05-13.01 2010.05.13 Trojan.CryptRedol.Gen.3
Panda 10.0.2.7 2010.05.13 Suspicious file
Sunbelt 6298 2010.05.13 Trojan.Win32.Generic!BT
TheHacker 6.5.2.0.280 2010.05.13 Trojan/Agent.dxto
TrendMicro 9.120.0.1004 2010.05.13 BKDR_MDMBOT.A
TrendMicro-HouseCall 9.120.0.1004 2010.05.13 BKDR_MDMBOT.A
VBA32 3.12.12.4 2010.05.13 Trojan.Win32.Agent.dxto
Additional information
File size: 30720 bytes
MD5: e40670e6a0ad1c41211f38b92bfe436a
Variant 2
Also known as AppMgmt.dll
Service
Display name: Application Management
Service name: Application Management
Description: Processes installation, removal, and enumeration requests for Active Directory IntelliMirror group policy programs. If the service is disabled, users will be unable to install, remove, or enumerate any IntelliMirror programs. If this service is disabled, any services that explicitly depend on it will fail to start.
Default start type: Manual
Legitimate key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters\ServiceDll = %SystemRoot%\System32\appmgmts.dll
Service starts - Manual
Compromised key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt\Parameters\ServiceDll = C:\Documents and Settings\Default User\AppMgmt.dll
Service starts - Automatic
File location: C:\Documents and Settings\Default User
File AppMgmt.dll received on 2010.05.06 03:57:39 (UTC)
Result: 5/40 (12.5%)
Antivirus Version Last update Result
BitDefender 7.2 2010.05.06 Trojan.CryptRedol.Gen.3
F-Secure 9.0.15370.0 2010.05.06 Trojan.CryptRedol.Gen.3
GData 21 2010.05.06 Trojan.CryptRedol.Gen.3
Microsoft 1.5703 2010.05.05 Backdoor:Win32/Mdmbot.D
nProtect 2010-05-05.01 2010.05.05 Trojan.CryptRedol.Gen.3
Additional information
File size: 30720 bytes
MD5: e40670e6a0ad1c41211f38b92bfe436a
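An added check, not part of the original post, that encodes the registry indicators listed for both variants: a ServiceDll that lives outside System32 or inside a user profile directory, a svchost group named after the service itself (as with -k "1e0219eb"), and a known service whose ServiceDll or start type no longer matches its default (AppMgmt). The sample records, the netsvcs ImagePath assumed for AppMgmt and the baseline table are constructed for this example, not values taken from the post.

```python
import re

# Constructed baseline: Windows XP / Server 2003 default for the one service
# the post covers. Extend with other services from a known-good host.
BASELINE = {
    "appmgmt": {"servicedll": r"%systemroot%\system32\appmgmts.dll", "start": "manual"},
}
SYSTEM32 = r"%systemroot%\system32"
PROFILE_DIRS = (r"c:\documents and settings", r"c:\users")


def _norm(path):
    """Lower-case a path and map the concrete C:\\WINDOWS spelling onto %SystemRoot%."""
    p = path.strip().strip('"').lower()
    return p.replace(r"c:\windows", "%systemroot%")


def check_service(name, service_dll, image_path, start):
    """Return a list of findings for one service registration; empty means clean."""
    findings = []
    key = name.lower()
    dll = _norm(service_dll)
    if not dll.startswith(SYSTEM32 + "\\"):
        findings.append("ServiceDll outside System32: " + service_dll)
    if dll.startswith(PROFILE_DIRS):
        findings.append("ServiceDll inside a user profile directory")
    # The bogus service registers a svchost group named after itself.
    m = re.search(r'svchost\.exe\s+-k\s+"?([^"\s]+)"?', image_path, re.IGNORECASE)
    if m and m.group(1).lower() == key:
        findings.append("svchost group name equals service name: " + m.group(1))
    base = BASELINE.get(key)
    if base:
        if dll != base["servicedll"]:
            findings.append("ServiceDll differs from baseline " + base["servicedll"])
        if start.lower() != base["start"]:
            findings.append("start type changed from %s to %s" % (base["start"], start))
    return findings


# Constructed records modelled on the two variants plus a clean AppMgmt entry.
SAMPLE = [
    ("1e0219eb", r"C:\Documents and Settings\NetworkService\1e0219eb.dll",
     r'%SystemRoot%\System32\svchost.exe -k "1e0219eb"', "Automatic"),
    ("AppMgmt", r"C:\Documents and Settings\Default User\AppMgmt.dll",
     r"%SystemRoot%\System32\svchost.exe -k netsvcs", "Automatic"),   # assumed ImagePath
    ("AppMgmt", r"%SystemRoot%\System32\appmgmts.dll",
     r"%SystemRoot%\System32\svchost.exe -k netsvcs", "Manual"),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec[0], "->", check_service(*rec) or "clean")
```

On a live host the same function can be fed from HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll, the service's ImagePath and Start values.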