Mal/VBCheMan-C

Category: Viruses and Spyware
Type: Malicious behavior
Protection available since: 29 Mar 2012 07:19:11 (GMT)
Last Updated: 07 Jun 2017 05:47:10 (GMT)
Prevalence: Small Number of Reports


Examples of Mal/VBCheMan-C include:

Example 1

File Information

Size: 106K
SHA-1: 04bf3ff34cab27f81447309fb81b92df2d6da2b6
MD5: f3f99b4872b6ca4e8554b4a026eb081e
CRC-32: aee91e71
File type: Windows executable
First seen: 2016-11-10

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Candycam.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SubmitCrashReport
    c:\Documents and Settings\test user\Application Data\Candycam.exe
Processes Created
  • c:\Documents and Settings\test user\application data\candycam.exe
  • c:\windows\system32\cmd.exe

Example 2

File Information

Size: 356K
SHA-1: 32944fc995f25ad73721a9a77065c54a4b6de437
MD5: 8ee19733908a5d0d0bbbf74e22fb6475
CRC-32: 71d0c9b5
File type: Windows executable
First seen: 2007-10-29

Example 3

File Information

Size: 108K
SHA-1: 33047f42de05262a8313deda5a9bbc3d62c4552c
MD5: d02d50053ca35be08f6e1a84a65c117f
CRC-32: 4b3465d9
File type: Windows executable
First seen: 2010-11-03

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Sontiwin.exe
  • F:/YNKTYU/NHERTY/uyhjhgj.EXE
Dropped Files
  • F:/YNKTYU/NHERTY/Desktop.ini
  • F:/autorun.inf
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\test_item.exe
    c:\test_item.exe:*:Enabled:Ci Servs
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Ci Servs
    Sontiwin.exe
  • HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
    MaxFileSize
    0x00100000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr
    Guid
    710adbf0-ce88-40b4-a50d-231ada6593f0
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
    ControlFlags
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
    Ci Servs
    Sontiwin.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance
    Error Count
    0x0000000e
Processes Created
  • c:\windows\sontiwin.exe
  • c:\windows\system32\netsh.exe
DNS Requests
  • irc.metraiciono.com