[[analysis:norman:b54cca1a64c46f17067c7f4b08059d5e]]
 
Trace: home » analysis » norman » b54cca1a64c46f17067c7f4b08059d5e 
Norman Scanner Engine 5.83.  7
Sandbox 05.83, dated  3/10-2005

Your message ID (for later reference): 20051109-477

nepenthes-b54cca1a64c46f17067c7f4b08059d5e-hostsers.exe : Not detected by sandbox (Signature: W32/Poebot.J)
 [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * File length:        86016 bytes.

 [ Changes to filesystem ]
    * Deletes file C:\WINDOWS\SYSTEM32\`}! Xp%.
    * Creates file C:\WINDOWS\SYSTEM32\`}! Xp%.
    * Deletes file rikrllu.bat.
    * Creates file rikrllu.bat.

 [ Process/window information ]
    * Creates a mutex .
    * Attemps to open rikrllu.bat NULL.

 [ Signature Scanning ]
    * rikrllu.bat (123 bytes) : no signature detection.


(C) 2004 Norman ASA. All Rights Reserved.
The material presented is distributed by Norman ASA as an information source only.
Sent by removed@email.com to sandbox.

Received 9.Nov 2005 at 13.51 - processed 9.Nov 2005 at 13.51.
 
analysis/norman/b54cca1a64c46f17067c7f4b08059d5e.txt · Last modified: 2006/03/05 20:14
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki