[[analysis:norman:c26e17d710cbf7816d7cf2eb22aea60d]]
 
Trace: home » analysis » norman » c26e17d710cbf7816d7cf2eb22aea60d 
Norman Scanner Engine 5.83.  2
Sandbox 05.83, dated 20/05-2005

Your message ID (for later reference): 20050806-138

nepenthes-c26e17d710cbf7816d7cf2eb22aea60d-PopUpBlocker8.exe : [SANDBOX] contains a security risk - W32/Malware (Signature: W32/Spybot.OIT)
 [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * File length:        97280 bytes.

 [ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM\PopUpBlocker8.exe.
    * Deletes file 1.

 [ Changes to registry ]
    * Creates value "Popup Blocker System8 Monitoring"="PopUpBlocker8.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
    * Creates value "Popup Blocker System8 Monitoring"="PopUpBlocker8.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
    * Creates value "Popup Blocker System8 Monitoring"="PopUpBlocker8.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".

 [ Network services ]
    * Connects to "panos.my-wifi.info" on port 3267 (TCP).
    * Connects to IRC Server.

 [ Process/window information ]
    * Creates a mutex Bot-0.8.
    * Will automatically restart after boot (I'll be back...).


(C) 2004 Norman ASA. All Rights Reserved.
The material presented is distributed by Norman ASA as an information source only.
Sent by removed@email.com to sandbox.

Received 6.Aug 2005 at 06.01 - processed 6.Aug 2005 at 06.02.
 
analysis/norman/c26e17d710cbf7816d7cf2eb22aea60d.txt · Last modified: 2006/03/05 20:14
 
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki