
ThreatScope Analysis Report

For file qAz575t.exe uploaded 2013-07-15 at 09:37:35 AM

Threat level: Malicious

Recommendation: Do not allow this file to be run in your network. Perform remediation on machines on which the file may have run.

Threat Assessment

Drops and runs executable file(s) in a directory of the user profile often used by malware

Drops executable file(s)

Possibly injects code into remote process(es)

Writes to the filesystem in a directory of the user profile often used by malware

Executes the Windows command shell program

Screenshots: None

File details:

Hash MD5:       38993908e25b04e9f54947d5805245d6
Hash SHA-1:     2f762688355cb18a3b604cf0ebff5c59279f9dcd
Hash SHA-256:   3a66011b63927e96ef3f02fcf34b6c54d6597dd815bd11a4927535dfb4e3b7bc
File size:      0 B
File uploaded:  2013-07-15 09:37:35 AM
Report created: 2013-07-15 09:39:10 AM

Technical Details

Requested HTTP URLs


No HTTP communications were detected.

Resolved hostnames


DNS was not used to resolve any hostnames.

IP addresses


No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

Event         File path
Writes file   C:\Documents and Settings\victimo\NTUSER.DAT.LOG
Writes file   C:\Documents and Settings\victimo\NTUSER.DAT
Writes file   C:\Documents and Settings\victimo\Application Data\Ijze\anbid.exe
Writes file   C:\Documents and Settings\victimo\Local Settings\Temp\GTH8161.bat

Process modifications

The analyzed file affected the following system processes.

Event             File path
Creates Process   C:\WINDOWS\system32\cmd.exe

Registry


No Windows Registry changes were made.

Global system events


No global system events were detected.

Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.