Submission Summary:

What's been found / Severity Level
Creates a startup registry entry.
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Security Risk: Email-Worm.Brontok!sd5
Description: Email-Worm.Brontok!sd5 is a mass-mailing worm that propagates from one system to another by creating a new email message, attaching itself and sending the message without the user's consent.

Security Risk: Backdoor.SdBot.BXR
Description: Backdoor.SdBot.BXR installs itself into the registry so that it runs whenever Windows starts. It provides a backdoor server that allows a remote intruder to gain access to and control over the computer. It spreads via MSN Messenger by sending every contact of the infected machine a message containing a link that entices them to download the worm.

Security Risk: Adware.Component.Unrelated
Description: These are common components (files and registry keys) that appear in several different threats which are not otherwise related to one another, in that the signatures do not come from the same author. It is recommended that all these entries be removed.

Threat Category: A network-aware worm that attempts to replicate across the existing network(s)

File System Modifications

#   Filename(s)   File Size   File Hash   Alias

1
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0000920.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0001922.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0001941.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0006114.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0008115.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0009118.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0010115.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0011118.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0014117.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0016121.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0017121.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0018120.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu FeeLCoMz CoMMuNiTy.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mi m?sica.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mi m?sica1.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis im?genes.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis im?genes1.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis v?deos.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis v?deos1.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\CyBeRz@AllNetwork.Org.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\CyBeRz@AllNetwork1.Org.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FaTaLisTiCz_Fx@Yahoo.Com.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FaTaLisTiCz_Fx@Yahoo1.Com.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FeeLCoMz CoMMuNiTy.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FeeLCoMz CoMMuNiTy2.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Host_2.com
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\lsass.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\lsass2.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 01-05.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 28-10.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 29-04.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 29-10.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 30-10.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador 31-10.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador1.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia SYSTEM 31-10.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\svchost.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\svchost1.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\ViRuZ@AllNetwork.Org.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\ViRuZ@AllNetwork1.Org.exe
%Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Winzip.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\Apa itu FeeLCoMz CoMMuNiTy.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\CyBeRz@AllNetwork.Org.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\FaTaLisTiCz_Fx@Yahoo.Com.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy\ViRuZ@AllNetwork.Org.exe
%MyDocuments%\FeeLCoMz CoMMuNiTy.exe
%MyDocuments%\My eBooks\Apa itu My eBooks.exe
%MyDocuments%\My Music\Apa itu My Music.exe
%MyDocuments%\My Pictures\Apa itu My Pictures.exe
%MyDocuments%\Rahasia %UserName%.exe
%Programs%\Startup\Hardware Monitor.exe
c:\Rahasia %UserName% 01-11.exe
%Windir%\system\lsass.exe
%Windir%\system\svchost.exe
%System%\drivers\etc\Host.com
%System%\Winzip.exe
File size: 61,440 bytes
File hash: MD5: 0x6C08BD41F70D51662DF04EB4ECD2F9EE
           SHA-1: 0x1E75F3F14DE56B34D503CB92426957999A310F4D
Alias: W32.Rontokbro@mm [Symantec]
       Email-Worm.Win32.Brontok.u [Kaspersky Lab]
       W32/Rontokbro.gen@MM [McAfee]
       Mal/VB-F [Sophos]
       Virus.Win32.Kangen [Ikarus]
       Win32/Brontok.worm.61440.B [AhnLab]

2
%MyDocuments%\About FeeLCoMz.V1.Htm
%MyDocuments%\My Pictures\Wallpaper %UserName%.Htm
%Programs%\About FeeLCoMz.V1.Htm
%Windir%\FeeLCoMz.V1.Htm
File size: 444 bytes
File hash: MD5: 0xF27DC86C10553E1D4608A9EBDF3308CD
           SHA-1: 0xE09468D43F8796E145094AB3CCAE6AB8FF0927E5
Alias: (not available)

3
%Windir%\FeeLCoMz\a0000920.txt
%Windir%\FeeLCoMz\a0001922.txt
%Windir%\FeeLCoMz\a0001941.txt
%Windir%\FeeLCoMz\a0006114.txt
%Windir%\FeeLCoMz\a0008115.txt
%Windir%\FeeLCoMz\A0009118.txt
%Windir%\FeeLCoMz\A0010115.txt
%Windir%\FeeLCoMz\A0011118.txt
%Windir%\FeeLCoMz\A0014117.txt
%Windir%\FeeLCoMz\A0016121.txt
%Windir%\FeeLCoMz\A0017121.txt
%Windir%\FeeLCoMz\A0018120.txt
%Windir%\FeeLCoMz\Apa itu FeeLCoMz CoMMuNiTy.txt
%Windir%\FeeLCoMz\Apa itu Mi m?sica.txt
%Windir%\FeeLCoMz\Apa itu Mi m?sica1.txt
%Windir%\FeeLCoMz\Apa itu Mis im?genes.txt
%Windir%\FeeLCoMz\Apa itu Mis im?genes1.txt
%Windir%\FeeLCoMz\Apa itu Mis v?deos.txt
%Windir%\FeeLCoMz\Apa itu Mis v?deos1.txt
%Windir%\FeeLCoMz\CyBeRz@AllNetwork.Org.txt
%Windir%\FeeLCoMz\CyBeRz@AllNetwork1.Org.txt
%Windir%\FeeLCoMz\FaTaLisTiCz_Fx@Yahoo.Com.txt
%Windir%\FeeLCoMz\FaTaLisTiCz_Fx@Yahoo1.Com.txt
%Windir%\FeeLCoMz\FeeLCoMz CoMMuNiTy.txt
%Windir%\FeeLCoMz\FeeLCoMz CoMMuNiTy2.txt
%Windir%\FeeLCoMz\Host_2.txt
%Windir%\FeeLCoMz\lsass2.txt
%Windir%\FeeLCoMz\Rahasia Administrador.txt
%Windir%\FeeLCoMz\Rahasia Administrador1.txt
%Windir%\FeeLCoMz\Rahasia SYSTEM 31-10.txt
%Windir%\FeeLCoMz\svchost1.txt
%Windir%\FeeLCoMz\ViRuZ@AllNetwork.Org.txt
%Windir%\FeeLCoMz\ViRuZ@AllNetwork1.Org.txt
File size: 51 bytes
File hash: MD5: 0x6056B1A076BBD0E814A9B570A5BEB25B
           SHA-1: 0xA8B08B0197FD4DFE5DF9D37089EAFB088EC5C602
Alias: (not available)

4
[file and pathname of the sample #1]
File size: 781,896 bytes
File hash: MD5: 0xE3665C9782FA8AE7E71E78F93B37D091
           SHA-1: 0xC228F83BE44897BFD93FFC39F1D92609696E3B34
Alias: W32.Rontokbro@mm [Symantec]
       Email-Worm.Win32.Brontok.u [Kaspersky Lab]
       Virus.Win32.Kangen [Ikarus]

Memory Modifications

Process Name | Process Filename | Main Module Size
svchost.exe | %Windir%\system\svchost.exe | 65,536 bytes
lsass.exe | %Windir%\system\lsass.exe | 65,536 bytes
Winzip.exe | %System%\winzip.exe | 65,536 bytes
Rahasia Administrador.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador.exe | 65,536 bytes
Rahasia SYSTEM 31-10.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia SYSTEM 31-10.exe | 65,536 bytes
svchost1.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\svchost1.exe | 65,536 bytes
FaTaLisTiCz_Fx@Yahoo1.Com.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FaTaLisTiCz_Fx@Yahoo1.Com.exe | 65,536 bytes
ViRuZ@AllNetwork.Org.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\ViRuZ@AllNetwork.Org.exe | 65,536 bytes
A0014117.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0014117.exe | 65,536 bytes
Apa itu Mis im?genes1.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis im?genes1.exe | 65,536 bytes
A0011118.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0011118.exe | 65,536 bytes
A0010115.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0010115.exe | 65,536 bytes
A0009118.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0009118.exe | 65,536 bytes
A0000920.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0000920.exe | 65,536 bytes
Apa itu Mis v?deos1.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis v?deos1.exe | 65,536 bytes
Apa itu Mi m?sica.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mi m?sica.exe | 65,536 bytes
A0017121.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0017121.exe | 65,536 bytes
A0018120.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0018120.exe | 65,536 bytes
A0016121.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0016121.exe | 65,536 bytes
Apa itu FeeLCoMz CoMMuNiTy.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu FeeLCoMz CoMMuNiTy.exe | 65,536 bytes
A0001922.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0001922.exe | 65,536 bytes
A0001941.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0001941.exe | 65,536 bytes
A0006114.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\A0006114.exe | 65,536 bytes
Apa itu Mi m?sica1.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mi m?sica1.exe | 65,536 bytes
Apa itu Mis im?genes.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis im?genes.exe | 65,536 bytes
Host_2.com | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Host_2.com | 65,536 bytes
a0008115.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\a0008115.exe | 65,536 bytes
Rahasia Administrador1.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Rahasia Administrador1.exe | 65,536 bytes
Apa itu Mis v?deos.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\Apa itu Mis v?deos.exe | 65,536 bytes
CyBeRz@AllNetwork.Org.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\CyBeRz@AllNetwork.Org.exe | 65,536 bytes
CyBeRz@AllNetwork1.Org.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\CyBeRz@AllNetwork1.Org.exe | 65,536 bytes
FaTaLisTiCz_Fx@Yahoo.Com.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FaTaLisTiCz_Fx@Yahoo.Com.exe | 65,536 bytes
FeeLCoMz CoMMuNiTy2.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FeeLCoMz CoMMuNiTy2.exe | 65,536 bytes
ViRuZ@AllNetwork1.Org.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\ViRuZ@AllNetwork1.Org.exe | 65,536 bytes
FeeLCoMz CoMMuNiTy.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\FeeLCoMz CoMMuNiTy.exe | 65,536 bytes
lsass2.exe | %Temp%\6c08bd41f70d51662df04eb4ecd2f9ee\lsass2.exe | 65,536 bytes
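The File System Modifications and Memory Modifications tables give a responder two things to key on: the worm runs copies of itself named lsass.exe and svchost.exe from %Windir%\system rather than from %System% (System32), where the genuine binaries live, and it stages dozens of further copies in a %Temp% subdirectory named after the MD5 of its own 61,440-byte body (entry #1). The Python below is an added example, not part of the ThreatExpert report, of hunt logic that turns those two tables into checks over a process/file inventory. It assumes a default C:\Windows install and a constructed inventory for a hypothetical user "alice"; LEGIT_DIRS, DROP_NAMES and the sample records are the example's own assumptions, while the hash, directory and file names come from the tables above.

```python
"""Hunt for this report's indicators in a process/file inventory.

Added example, not part of the ThreatExpert report. The inventory below is
constructed for illustration; the hash, directory and file names come from
the File System Modifications and Memory Modifications tables.
"""
import hashlib
import ntpath

# Entry #1: the 61,440-byte worm body. The same value names its %Temp%
# staging directory.
WORM_MD5 = "6c08bd41f70d51662df04eb4ecd2f9ee"

# Where the impersonated binaries legitimately live on a default install.
# Assumption: %SystemRoot% is C:\Windows. %Windir%\system (no "32") is where
# the worm drops its own lsass.exe and svchost.exe.
LEGIT_DIRS = {
    "lsass.exe":   {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Drop names from the report that have no legitimate meaning where they land.
DROP_NAMES = {"winzip.exe", "host.com", "host_2.com", "hardware monitor.exe",
              "feelcomz.v1.htm", "about feelcomz.v1.htm"}


def file_md5(path):
    """MD5 of a file on disk, for building a real inventory for scan()."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def assess(name, image, md5=""):
    """Return the report indicators matched by one process or file record."""
    image = ntpath.normpath(image).lower()
    directory, basename = ntpath.split(image)
    parts = directory.split("\\")
    name = name.lower()
    hits = []
    if md5 and md5.lower() == WORM_MD5:
        hits.append("MD5 matches worm body (entry #1)")
    # A system process name is only trustworthy from its real directory.
    if name in LEGIT_DIRS and directory not in LEGIT_DIRS[name]:
        hits.append("%s running outside %s" % (name, sorted(LEGIT_DIRS[name])))
    if WORM_MD5 in parts:
        hits.append("image under the %Temp%\\<md5> staging directory")
    if any(p.startswith("feelcomz") for p in parts):
        hits.append("image under a FeeLCoMz directory")
    if basename in DROP_NAMES:
        hits.append("drop name %r listed in the report" % basename)
    # "Rahasia" (secret) and "Apa itu" (what is) are the worm's Indonesian lures.
    if basename.startswith(("rahasia ", "apa itu ")):
        hits.append("Indonesian lure filename")
    return hits


def scan(inventory):
    """inventory: iterable of (process_name, image_path, md5).
    Returns {image_path: [indicators]} for every record that matched."""
    findings = {}
    for name, image, md5 in inventory:
        hits = assess(name, image, md5)
        if hits:
            findings[image] = hits
    return findings


# Constructed inventory (not from the report): two clean system processes and
# six records shaped like the report's drops on an assumed C:\Users\alice profile.
SAMPLE_INVENTORY = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", ""),
    ("lsass.exe", r"C:\Windows\System32\lsass.exe", ""),
    ("svchost.exe", r"C:\Windows\system\svchost.exe", WORM_MD5),
    ("lsass.exe", r"C:\Windows\system\lsass.exe", WORM_MD5),
    ("Winzip.exe", r"C:\Windows\System32\Winzip.exe", WORM_MD5),
    ("Hardware Monitor.exe",
     r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardware Monitor.exe",
     WORM_MD5),
    ("A0014117.exe",
     r"C:\Users\alice\AppData\Local\Temp\6c08bd41f70d51662df04eb4ecd2f9ee\A0014117.exe",
     WORM_MD5),
    ("Rahasia alice.exe", r"C:\Users\alice\Documents\Rahasia alice.exe", ""),
]

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_INVENTORY).items():
        print(image)
        for hit in hits:
            print("   ", hit)
```

On a live host, feed scan() the output of a process listing joined with file_md5() of each image path; the name-versus-directory check is the one that still fires when the body has been repacked and the hash no longer matches.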

 

Registry Modifications

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2017 ThreatExpert. All rights reserved.