ThreatScope Analysis Report

For file 7UNFVh.exe uploaded 2013-07-18 at 07:46:01 AM

Threat level: Malicious

Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.

Threat Assessment

Drops and runs executable file(s) in a directory of the user profile often used by malware

Drops executable file(s)

Possibly injects code into remote process(es)

Writes to the filesystem in a directory of the user profile often used by malware

Executes the Windows command shell program

Screenshots: None

File details:

Hash MD5: c084cb7800a56ddb51976535a317e478
File size: 0 B
Hash SHA-1: 2537d699cd1e27373a64fb06ffa57f3999abcd84
File uploaded: 2013-07-18 07:46:01 AM
Hash SHA-256: ba21f99f6ed273ef024d1e4699db76389e7d5a011528457bc75827a71c7d8d94
Report created: 2013-07-18 07:47:41 AM

Technical Details

Requested HTTP URLs


No HTTP communications were detected.

Resolved hostnames


DNS was not used to resolve any hostnames.

IP addresses


No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event: File path
Writes file: C:\Documents and Settings\victimo\Application Data\Ozmufy\uhxio.exe
Writes file: C:\Documents and Settings\victimo\Local Settings\Temp\MRFF6AF.bat
Writes file: C:\Documents and Settings\victimo\NTUSER.DAT.LOG
Writes file: C:\Documents and Settings\victimo\NTUSER.DAT

Process modifications

The analyzed file affected the following system processes.

Event: File path
Creates Process: C:\WINDOWS\system32\cmd.exe

Registry


No Windows Registry changes were made.

Global system events


No global system events were detected.

Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.