ThreatScope Analysis Report

For file usHuoew.exe uploaded 2013-07-19 at 11:39:26 AM

Threat level: Malicious

Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.

Threat Assessment

Drops and runs executable file(s) in a directory of the user profile often used by malware

Drops executable file(s)

Possibly injects code into remote process(es)

Writes to the filesystem in a directory of the user profile often used by malware

Executes the Windows command shell program

Screenshots: None

File details:

Hash MD5: 6ff28b7bc3c238051be2a3187ea928ea

Hash SHA-1: e3f8085758306d8f3f2816beec0fb34331d60b52

Hash SHA-256: 33dd4347f5385449dfe8f937e7ee516b7286f664444924b9be32c75086ac993b

File size: 0 B

File uploaded: 2013-07-19 11:39:26 AM

Report created: 2013-07-19 11:41:06 AM

Technical Details

Requested HTTP URLs


No HTTP communications were detected.

Resolved hostnames


DNS was not used to resolve any hostnames.

IP addresses


No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event: File path

Writes file: C:\Documents and Settings\victimo\NTUSER.DAT.LOG

Writes file: C:\Documents and Settings\victimo\NTUSER.DAT

Writes file: C:\Documents and Settings\victimo\Application Data\Moaswo\pouda.exe

Process modifications

The analyzed file affected the following system processes.

Event: File path

Creates Process: C:\WINDOWS\system32\cmd.exe

Registry


No Windows Registry changes were made.

Global system events


No global system events were detected.

Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.