ThreatScope Analysis Report
For file 7UNFVh.exe uploaded 2013-07-18 at 07:46:01 AM
Threat level: Malicious
Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.
Threat | Assessment
---|---
Drops and runs executable file(s) in a directory of the user profile often used by malware |
Drops executable file(s) |
Possibly injects code into remote process(es) |
Writes to the filesystem in a directory of the user profile often used by malware |
Executes the Windows command shell program |
Screenshots: None
File details:
Field | Value
---|---
Hash MD5 | c084cb7800a56ddb51976535a317e478
Hash SHA-1 | 2537d699cd1e27373a64fb06ffa57f3999abcd84
Hash SHA-256 | ba21f99f6ed273ef024d1e4699db76389e7d5a011528457bc75827a71c7d8d94
File size | 0 B (as reported)
File uploaded | 2013-07-18 07:46:01 AM
Report created | 2013-07-18 07:47:41 AM
The reported size of 0 B is inconsistent with the hashes (an empty file has MD5 d41d8cd98f00b204e9800998ecf8427e), so match this sample on its hashes and dropped-file paths rather than on size.
Technical Details
Requested HTTP URLs
No HTTP communications were detected.
Resolved hostnames
DNS was not used to resolve any hostnames.
IP addresses
No IP addresses were requested.
File system modifications
The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.
Event | File path
---|---
Writes file | C:\Documents and Settings\victimo\Application Data\Ozmufy\uhxio.exe
Writes file | C:\Documents and Settings\victimo\Local Settings\Temp\MRFF6AF.bat
Writes file | C:\Documents and Settings\victimo\NTUSER.DAT.LOG
Writes file | C:\Documents and Settings\victimo\NTUSER.DAT
"victimo" is the sandbox user; on an infected host the same paths will appear under whichever profile the file ran as. NTUSER.DAT is the user's registry hive (HKEY_CURRENT_USER) and NTUSER.DAT.LOG its transaction log; writes to them are normally the system flushing the hive rather than the sample writing those files directly. The first two entries are the indicators worth hunting for.
Process modifications
The analyzed file affected the following system processes.
Event | Image path
---|---
Creates Process | C:\WINDOWS\system32\cmd.exe
Registry
No Windows Registry changes were made.
Global system events
No global system events were detected.
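The indicators above can be turned into a hunting check for the remediation step recommended at the top of the report. The following Python script is an added example, not part of the Forcepoint report: it matches host telemetry against the report's hashes and dropped-file paths, and applies the report's behavioural observation (an executable written under the user profile's Application Data directory, followed by cmd.exe spawned by the same process). The telemetry record layout, the constructed SAMPLE_RECORDS, and the AppData\Roaming path variant for newer Windows profile layouts are assumptions added here, not something the report states.

```python
"""Match host telemetry against the indicators in the ThreatScope report.

Added example; not part of the Forcepoint report. The record schema
(dicts with host/event/pid/path/hash fields) is an assumption, and the
records in SAMPLE_RECORDS are constructed test data.
"""
import re

# Hashes of the submitted sample, taken from the report.
IOC_HASHES = {
    "md5": "c084cb7800a56ddb51976535a317e478",
    "sha1": "2537d699cd1e27373a64fb06ffa57f3999abcd84",
    "sha256": "ba21f99f6ed273ef024d1e4699db76389e7d5a011528457bc75827a71c7d8d94",
}

# Dropped-file paths from the report. "victimo" is the sandbox user, so the
# profile name is replaced by "*" (exactly one path component) to match any user.
IOC_PATHS = [
    r"C:\Documents and Settings\*\Application Data\Ozmufy\uhxio.exe",
    r"C:\Documents and Settings\*\Local Settings\Temp\MRFF6AF.bat",
]


def path_pattern(pattern):
    """Compile a report path into a case-insensitive regex; '*' is one component."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + r"[^\\]+".join(parts) + "$", re.IGNORECASE)


IOC_PATTERNS = [path_pattern(p) for p in IOC_PATHS]

# Behavioural rule from the report: an executable written under the user
# profile's Application Data. The Users\...\AppData\Roaming alternative for
# Vista+ profile layouts is an added generalisation (assumption).
PROFILE_EXE = re.compile(
    r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\"
    r"(?:application data|appdata\\roaming)\\.+\.exe$",
    re.IGNORECASE,
)


def scan(records):
    """Return (host, reason, detail) findings for hash, path and behaviour hits."""
    findings = []
    wrote_profile_exe = {}  # (host, pid) -> path of the exe that pid dropped
    for r in records:
        if r["event"] == "file_write":
            for algo, known in IOC_HASHES.items():
                if r.get(algo, "").lower() == known:
                    findings.append((r["host"], f"{algo} matches sample", r["path"]))
            if any(p.match(r["path"]) for p in IOC_PATTERNS):
                findings.append((r["host"], "dropped-file path from report", r["path"]))
            if PROFILE_EXE.match(r["path"]):
                wrote_profile_exe[(r["host"], r["pid"])] = r["path"]
        elif r["event"] == "process_create":
            # cmd.exe started by a process that earlier wrote an exe into the profile
            dropped = wrote_profile_exe.get((r["host"], r["ppid"]))
            if dropped and r["image"].lower().endswith("\\cmd.exe"):
                findings.append((r["host"], "wrote exe under profile then ran cmd.exe", dropped))
    return findings


def flagged_hosts(findings):
    """Hosts that need the remediation step recommended by the report."""
    return sorted({host for host, _, _ in findings})


# Constructed sample telemetry: ws01 reproduces the report's behaviour,
# ws02 is a benign installer, ws03 trips the behavioural rule alone.
SAMPLE_RECORDS = [
    {"host": "ws01", "event": "file_write", "pid": 1234,
     "path": r"C:\Documents and Settings\alice\Application Data\Ozmufy\uhxio.exe",
     "sha256": IOC_HASHES["sha256"]},
    {"host": "ws01", "event": "file_write", "pid": 1234,
     "path": r"C:\Documents and Settings\alice\Local Settings\Temp\MRFF6AF.bat"},
    {"host": "ws01", "event": "process_create", "ppid": 1234,
     "image": r"C:\WINDOWS\system32\cmd.exe"},
    {"host": "ws02", "event": "file_write", "pid": 77,
     "path": r"C:\Program Files\Vendor\update.exe", "sha256": "00" * 32},
    {"host": "ws02", "event": "process_create", "ppid": 77,
     "image": r"C:\WINDOWS\system32\cmd.exe"},
    {"host": "ws03", "event": "file_write", "pid": 9,
     "path": r"C:\Users\bob\AppData\Roaming\Qwerty\svc.exe"},
    {"host": "ws03", "event": "process_create", "ppid": 9,
     "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for host, reason, detail in scan(SAMPLE_RECORDS):
        print(f"{host}: {reason}: {detail}")
    print("remediate:", ", ".join(flagged_hosts(scan(SAMPLE_RECORDS))))
```

The hash and path checks are exact indicators for this sample; the behavioural check is deliberately broader, so anything it flags on its own (as on ws03 in the sample data) should be confirmed by hashing the dropped executable before remediation is started.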
Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.
Copyright © 2023 Forcepoint, Inc. All rights reserved