ThreatScope Analysis Report

For file msmx21.exe uploaded 2013-01-15 at 09:47:06 AM

Threat level: Malicious

Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.

Threat Assessment

Drops and runs executable file(s)

Drops executable file(s)

Writes to the filesystem in the Windows Program Files directory

Writes to the filesystem in a directory of the user profile

Executes the Windows command shell program

Screenshots: None

File details:

Hash MD5:        1362a54a7560ab7f1cadc7caf21399b5
File size:       514.50 KB
Hash SHA-1:      83c34d481435a68291fc1b4c765f7838833d4bf5
File uploaded:   2013-01-15 09:47:06 AM
Hash SHA-256:    ec6096b37a87643f18313d5c6ef9f5ffd7db9299aa813b1e1075eb84bd8cdc7b
Report created:  2013-01-15 09:50:09 AM

Technical Details

Requested HTTP URLs


No HTTP communications were detected.

Resolved hostnames


DNS was not used to resolve any hostnames.

IP addresses


No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event           File path
Creates file    c:\Program Files\Windows NT\svchost.exe
Writes file     c:\Program Files\Windows NT\svchost.exe
Opens file      c:\Program Files\Windows NT\svchost.exe
Creates file    c:\Documents and Settings\Administrator\Local Settings\Temp\msc.bat
Writes file     c:\Documents and Settings\Administrator\Local Settings\Temp\msc.bat
Opens file      c:\Documents and Settings\Administrator\Local Settings\Temp\msc.bat

Process modifications

The analyzed file affected the following system processes.

Event             File path
Creates process   Sample started
Creates process   C:\Program Files\Windows NT\svchost.exe
Creates process   C:\WINDOWS\system32\cmd.exe
Creates process   C:\WINDOWS\system32\chcp.com
Creates process   C:\WINDOWS\system32\attrib.exe

Registry


No Windows Registry changes were made.

Global system events

The following global system events were detected.

Event               Name
Creates semaphore   shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}99b5.exe
Creates semaphore   shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Creates event       WIN_13E06125A235B4F70963D2F256092DA5CA7BD4D7
Creates event       SYS_3ED36C30F6E3A1E2BC2F74A30ED75E2C0057B292
Creates mutex       SHIMLIB_LOG_MUTEX
Creates event       DINPUTWINMM
Creates event       Global\userenv: User Profile setup eventE1}

Websense has made an effort to determine if your submission is malicious; however, Websense cannot guarantee the accuracy of the result.