Scribd Logo
Upload

Welcome to Scribd!

  • Claro

    Uploaded by

    culiados
    4 views2 pages
    claro sid disudn ydgf7

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    claro sid disudn ydgf7

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views2 pages

    Claro

    Uploaded by

    culiados
    claro sid disudn ydgf7

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Submission Summary:

    Submission details:
    Submission received: 5 June 2008, 08:35:43
    Processing time: 3 min 26 sec
    Submitted sample:
    File MD5: 0x1BCF09F14702C9F68A88FFA073AFA3D8
    File SHA-1: 0xCB62FC01CEB661BB64D1AC1FB81168F3B607744B
    Filesize: 3.724 bytes
    Summary of the findings:
    What's been found
    Severity Level
    Downloads/requests other files from Internet.
    Creates a startup registry entry.
    Packed with a packer that is known to be used by malware (e.g. to complicate thr
    eat analysis or detection).
    Technical Details:

    File System Modifications


    The following file was created in the system:
    #
    Filename(s)
    File Size
    File Hash
    1
    %System%\DLD.exe
    3.724 bytes
    MD5: 0x1BCF09F14702C9F68A88FFA07
    3AFA3D8
    SHA-1: 0xCB62FC01CEB661BB64D1AC1FB81168F3B607744B
    Note:
    %System% is a variable that refers to the System folder. By default, this is C:\
    Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Wi
    ndows\System32 (Windows XP).
    Memory Modifications
    There were new processes created in the system:
    Process Name
    Process Filename
    Main Module Size
    DLD.exe %System%\dld.exe
    86.016 bytes
    [filename of the sample #1]
    [file and pathname of the sample #1]
    86.016 b
    ytes
    Attention! The following process was intentionally hidden from the user:
    Process Name
    Main Module Size
    DLD.exe1.exe
    86.016 bytes
    Registry Modifications
    The newly created Registry Value is:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    LUOM = "%System%\DLD.exe"
    so that DLD.exe runs every time Windows starts
    Other details
    The following Internet downloads were started (the retrieved bits are saved into
    the local file):
    URL to be downloaded
    Filename for the downloaded bits
    http://www.ccjj68.cn/pz/da0.exe
    ??$
    http://www.ccjj68.cn/pz/da1.exe
    ??$
    http://www.ccjj68.cn/pz/da2.exe
    ??$

    http://www.ccjj68.cn/pz/da3.exe
    http://www.ccjj68.cn/pz/da4.exe
    http://www.ccjj68.cn/pz/da5.exe
    http://www.ccjj68.cn/pz/da6.exe
    http://www.ccjj68.cn/pz/da7.exe
    http://www.ccjj68.cn/pz/da8.exe
    http://www.ccjj68.cn/pz/da9.exe
    http://www.ccjj68.cn/pz/da10.exe
    http://www.ccjj68.cn/pz/da11.exe
    http://www.ccjj68.cn/pz/da12.exe
    http://www.ccjj68.cn/pz/da13.exe
    http://www.ccjj68.cn/pz/da14.exe
    http://www.ccjj68.cn/pz/da15.exe
    http://www.ccjj68.cn/pz/da16.exe
    http://www.ccjj68.cn/pz/da17.exe
    http://www.ccjj68.cn/pz/da18.exe
    http://www.ccjj68.cn/pz/da19.exe
    http://www.ccjj68.cn/pz/da20.exe
    http://www.ccjj68.cn/pz/da21.exe
    http://www.ccjj68.cn/pz/da22.exe
    http://www.ccjj68.cn/pz/da23.exe
    http://www.ccjj68.cn/pz/da24.exe
    http://www.ccjj68.cn/pz/da25.exe
    http://www.ccjj68.cn/pz/da26.exe
    http://www.ccjj68.cn/pz/da27.exe
    http://www.ccjj68.cn/pz/da28.exe
    http://www.ccjj68.cn/pz/da29.exe
    http://www.ccjj68.cn/pz/da30.exe

    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$
    ??$

    You might also like