81e0fa3acbabda50fa1711760a794db3


Description

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.

Global information

  • SHA256: a29cc90ca0f87f929606024f3fefb4d7375215edc589ef52b785dd56c4048636
  • SHA1: d6a68d529c4442f5e46a33e3b3a8b04f7862e7d5
  • MD5: 81e0fa3acbabda50fa1711760a794db3
  • File size: 1.4 MB (1490944 bytes)
  • File name: vfbu.exe
  • File type: Win32 EXE

Detection

  • Detection ratio: 30 / 41 (2012-06-27 11:42:09 UTC)

| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | Trojan/Win32.Buzus | 20120627 |
| AntiVir | TR/Rimecud.A.472 | 20120627 |
| Avast | Win32:Trojan-gen | 20120627 |
| AVG | SHeur4.AANS | 20120627 |
| BitDefender | Trojan.Generic.7500111 | 20120627 |
| CAT-QuickHeal | Trojan.Buzus.lidc | 20120627 |
| Comodo | UnclassifiedMalware | 20120627 |
| DrWeb | Win32.HLLW.Autoruner.14264 | 20120627 |
| Emsisoft | Trojan.Win32.Buzus!IK | 20120627 |
| F-Secure | Trojan.Generic.7500111 | 20120627 |
| Fortinet | W32/Buzus.LIDC!tr | 20120627 |
| GData | Trojan.Generic.7500111 | 20120627 |
| Ikarus | Trojan.Win32.Buzus | 20120627 |
| K7AntiVirus | Trojan | 20120626 |
| Kaspersky | Trojan.Win32.Buzus.lidc | 20120627 |
| McAfee | Artemis!81E0FA3ACBAB | 20120627 |
| McAfee-GW-Edition | Artemis!81E0FA3ACBAB | 20120626 |
| Microsoft | Trojan:Win32/Rimecud.A | 20120627 |
| NOD32 | probably a variant of Win32/Agent.GGESNKU | 20120627 |
| Norman | W32/Malware.YAAS | 20120627 |
| nProtect | Trojan/W32.Agent.1490944.BR | 20120627 |
| Panda | Generic Malware | 20120627 |
| Sophos | Mal/Generic-L | 20120627 |
| Symantec | WS.Reputation.1 | 20120627 |
| TheHacker | Trojan/Buzus.lidc | 20120626 |
| TrendMicro | TROJ_GEN.R06CDFJ | 20120627 |
| TrendMicro-HouseCall | TROJ_GEN.R06CDFJ | 20120626 |
| VBA32 | Trojan.Buzus.lidc | 20120626 |
| VIPRE | Trojan.Win32.Generic!BT | 20120627 |
| VirusBuster | Trojan.Buzus!Jjo7cZiA6N8 | 20120626 |

Behavior

Key, Mouse, Clipboard, Microphone and Screen Capturing

  • Contains functionality for reading data from the clipboard
  • Contains functionality to read the clipboard data

Network

Contacted domains:

  • livesecureupdate.com
  • liveupdates2000.com
  • secureservis.in
  • updatewindows.net
  • winsecureserv.com
  • winsekurityupdaq.co.cc

URLs found in memory or binary data

  • Source: vfbu.exe String found in binary or memory: file://
  • Source: vfbu.exe String found in binary or memory: http://
  • Source: vfbu.exe String found in binary or memory: http://digitalriver.com/digitalright/activatelicense
  • Source: vfbu.exe String found in binary or memory: http://digitalriver.com/digitalright/generatekey
  • Source: vfbu.exe String found in binary or memory: http://digitalriver.com/digitalright/validatelicense
  • Source: vfbu.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
  • Source: vfbu.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
  • Source: vfbu.exe String found in binary or memory: http://webservice.digitalright.digitalriver.com/digitalright
  • Source: vfbu.exe String found in binary or memory: http://webservice.digitalright.digitalriver.com/xsd
  • Source: vfbu.exe String found in binary or memory: http://www.w3.org/2001/xmlschema
  • Source: vfbu.exe String found in binary or memory: http://www.w3.org/2001/xmlschema-instance
  • Source: vfbu.exe String found in binary or memory: https://

Performs DNS lookups

  • Source: unknown DNS traffic detected: queries for: liveupdates2000.com
