Systweak Spyware Library
Trojan.midgare.hhn Analysis Report
Threat Submitted On: 8/13/2008 2:04:49 PM
Threat Analysed On: 8/13/2008 7:04:49 PM
Threat Updated On: 11/10/2009 6:02:11 AM
Type : Trojan
Symptoms of midgare.hhn
  • Performs illicit activities under the guise of a useful program.
  • Downloads malicious code and programs such as keyloggers.
  • It is capable of harvesting the user's personal and confidential information.
Information
Alias : trojan.win32.midgare.hhn
Md5 Hash : [6824b84b20bb17880fdb39f32dba2b7f]
File Size : (57852 bytes)

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected files on the user's system
Note:
Delete the following files to remove the infection
File: antivir.exe
Path : %programfiles%\anti virus

Md5Hash :1dba3f94ff5259750cb24f96bd00a430 ( 57734 bytes)
File: kakita.exe
Path : %programfiles%\bifrost

Md5Hash :7808ab726fd0c90689b932f491ff6091 ( 58552 bytes)
File: server.exe
Path : %programfiles%\bifrost

File: svchost.exe
Path : %programfiles%\java

Md5Hash :8982e2a77560bc0d3d08fce64fe84443 ( 32637 bytes)
File: server.exe
Path : %programfiles%\kasber

Md5Hash :68102184576019e2ca00f4704605a200 ( 32637 bytes)
File: msnlive.exe
Path : %programfiles%\msnlive

Md5Hash :3d4260a01b3ec836e72f6584f3fe5dcc ( 32637 bytes)
File: firefox
Path : %programfiles%\windows

Md5Hash :02a0f8fcc2a4516221875bb654b5a304 ( 57693 bytes)
File: svchost
Path : %programfiles%\windows

Md5Hash :3050d6b7a97671816530598e5832fea5 ( 32637 bytes)
File: 119f_appcompat.txt
Path : %temp%

Md5Hash :97fd50ab557e4b2146406b41cfc07183 ( 2590 bytes)
File: 11de_appcompat.txt
Path : %temp%

Md5Hash :d219a7169f874770147eb22fc1e6cf0d ( 2590 bytes)
File: 12f8_appcompat.txt
Path : %temp%

Md5Hash :a16d9f072094b234a1db93d7b7d70e9a ( 2590 bytes)
File: 13d71.dmp
Path : %temp%

Md5Hash :a032ada61d0283f7f7a3b0f7a288a82a ( bytes)
File: 185d_appcompat.txt
Path : %temp%

Md5Hash :6110f1cf9114c006e4ccc1e1f9b2ff84 ( 2590 bytes)
File: 189f_appcompat.txt
Path : %temp%

Md5Hash :a8d9a631c1588aea615232d3aa313ee5 ( 2590 bytes)
File: 1a1d8.dmp
Path : %temp%

Md5Hash :5945625f546ed51efe1529300e24d49c ( bytes)
File: 1a69b.dmp
Path : %temp%

Md5Hash :51b8ee33ce2bfbdbbef0d35b96ff1213 ( bytes)
File: 1ed7_appcompat.txt
Path : %temp%

Md5Hash :1c188b34478ab8701d1078533f54cce7 ( 4352 bytes)
File: 214e5.dmp
Path : %temp%

Md5Hash :fe9af5e202a4e17659fb92c14c4c341d ( bytes)
File: 2407_appcompat.txt
Path : %temp%

Md5Hash :4a2c60a7f9051f0611408d48ae6bde8a ( 2590 bytes)
File: 247b_appcompat.txt
Path : %temp%

Md5Hash :e304c2be5c070c0e99546576d00fb2c4 ( 2590 bytes)
File: 252e_appcompat.txt
Path : %temp%

Md5Hash :3bbc4d2bbb2aa548406bcc5b49009daf ( 2590 bytes)
File: 2912_appcompat.txt
Path : %temp%

Md5Hash :7ef6e7289169b9f71d0f58b301ed8551 ( 2590 bytes)
File: 3003_appcompat.txt
Path : %temp%

Md5Hash :e936d74977f10cc948e78a2303b80a1d ( 2590 bytes)
File: 3028_appcompat.txt
Path : %temp%

Md5Hash :62584ade363e3a29e733f158a2ca7f2f ( 2590 bytes)
File: 33f_appcompat.txt
Path : %temp%

Md5Hash :51762e586166a6f2c01250bf9b9931f3 ( 2588 bytes)
File: 3680_appcompat.txt
Path : %temp%

Md5Hash :31fae89f8916cfe87713a3dc789d9f9a ( 2590 bytes)
File: 3ac5_appcompat.txt
Path : %temp%

Md5Hash :18f5da0c042ba2bd167f625bc762b83e ( 2590 bytes)
File: 3ce2_appcompat.txt
Path : %temp%

Md5Hash :5a819ed89dca80a70104c6b5fe749b45 ( bytes)
File: 3dbf_appcompat.txt
Path : %temp%

Md5Hash :31f6cfaf9c030b31bcf4c5c08715a1b6 ( 2588 bytes)
File: 3f4f_appcompat.txt
Path : %temp%

Md5Hash :3c3fbd00c546316ecb1b6af623410829 ( 2588 bytes)
File: 43787.dmp
Path : %temp%

Md5Hash :324f5a36137d02c9b17afbd4f9ab2adc ( bytes)
File: 45a_appcompat.txt
Path : %temp%

Md5Hash :f0fa66f979be8cb53725c6aa3e29c863 ( 2590 bytes)
File: 46dd_appcompat.txt
Path : %temp%

Md5Hash :17bb45decfe1726ff015d212e870b223 ( 2590 bytes)
File: 48fb_appcompat.txt
Path : %temp%

Md5Hash :0468c6999d5d8d3ec69364416250819e ( 2590 bytes)
File: 48ff_appcompat.txt
Path : %temp%

Md5Hash :9f8922f445c5bbba30342f5cd0cf8d09 ( 2590 bytes)
File: 52f8_appcompat.txt
Path : %temp%

Md5Hash :984ab0731587b07f06ec5d0444d27de4 ( 2590 bytes)
File: 6971_appcompat.txt
Path : %temp%

Md5Hash :67a2e114a0ae8e6ec660e5991efcc1b3 ( 2590 bytes)
File: 6a07_appcompat.txt
Path : %temp%

Md5Hash :74b1ee910b25f45372ad8f69ed645cc4 ( 2588 bytes)
File: 7597_appcompat.txt
Path : %temp%

Md5Hash :4298da54bef125f4e232b397ab426464 ( 2590 bytes)
File: 7a07_appcompat.txt
Path : %temp%

Md5Hash :fefcde396fcec20757dfde8d83cefed0 ( 2588 bytes)
File: 7a17_appcompat.txt
Path : %temp%

Md5Hash :707dfab2008eb2d69ef3db2a388c70df ( 2588 bytes)
File: 7b7b_appcompat.txt
Path : %temp%

Md5Hash :79814038a8a476d56896fefb71be268e ( 2582 bytes)
File: 841a_appcompat.txt
Path : %temp%

Md5Hash :f506af922b705456bca59464e1644433 ( 2590 bytes)
File: 9889_appcompat.txt
Path : %temp%

Md5Hash :80736c88c1c603a4cd1aff9a4a8c5f5e ( bytes)
File: 9b40_appcompat.txt
Path : %temp%

Md5Hash :2e5de072c0fc6f3cddd9ec4fe5e94ea0 ( bytes)
File: a06b_appcompat.txt
Path : %temp%

Md5Hash :150f8dc2c82c507472a5e6dfb5f2baed ( 2590 bytes)
File: aea9_appcompat.txt
Path : %temp%

Md5Hash :3fe2b029c571de6176901cdecae87208 ( 2590 bytes)
File: b98_appcompat.txt
Path : %temp%

Md5Hash :e7a47dad21b2cc520fca1012a2fff7f9 ( 2590 bytes)
File: c12a_appcompat.txt
Path : %temp%

Md5Hash :75bccb83de1f983ce24b69b781788103 ( 2590 bytes)
File: c18d_appcompat.txt
Path : %temp%

Md5Hash :5d925f9c83c3c3f96ea16cedfaee4197 ( 2590 bytes)
File: c9f_appcompat.txt
Path : %temp%

Md5Hash :47abba17c7c9912e42a98b442dc40339 ( 2590 bytes)
File: cba_appcompat.txt
Path : %temp%

Md5Hash :ae9acd735fa10c98fa80285f52bdefc1 ( 2590 bytes)
File: d49a_appcompat.txt
Path : %temp%

Md5Hash :ba1878cdcf22f4c0b8e22cebe898b933 ( bytes)
File: da98_appcompat.txt
Path : %temp%

Md5Hash :1919c59a0eaae2ca9fe84f5269a83530 ( 2588 bytes)
File: e0c5_appcompat.txt
Path : %temp%

Md5Hash :7d4a3fc54d3498d07cf060266bb4466f ( 2590 bytes)
File: e178_appcompat.txt
Path : %temp%

Md5Hash :c6094003b772b1c5cacbb092eca89d86 ( 2588 bytes)
File: ed54_appcompat.txt
Path : %temp%

Md5Hash :fd2842dbde5ebb0415ef0ff46ba14492 ( 2590 bytes)
File: f250_appcompat.txt
Path : %temp%

Md5Hash :742deff06c45791fb537415d1eb1120f ( 2582 bytes)
File: f9cf_appcompat.txt
Path : %temp%

Md5Hash :dd14949fda662057e44af67be6270c44 ( 2582 bytes)
File: faad_appcompat.txt
Path : %temp%

Md5Hash :c92a2ef683dfb901ab4f8858905650b5 ( 2590 bytes)
File: fc9_appcompat.txt
Path : %temp%

Md5Hash :8b5b5e79c419c0f7b15599dca5cb4642 ( 2590 bytes)
File: fe4f_appcompat.txt
Path : %temp%

Md5Hash :da2ac14e2100bb5ae84b02e0ca977de3 ( 2582 bytes)
File: ff2c_appcompat.txt
Path : %temp%

Md5Hash :93b3dc418a6b097623920a57eed7974d ( 29006 bytes)
File: ffa7_appcompat.txt
Path : %temp%

Md5Hash :419b3e799dd0cd903d4bd2b6e42bd229 ( bytes)
File: ffba_appcompat.txt
Path : %temp%

Md5Hash :578eb95a4458db739fe20f557de74df4 ( 2590 bytes)
File: fileinfo.who
Path : %temp%

Md5Hash :ca655ec1515117f39ad99a3ce6acd0c4 ( 81 bytes)
File: server.exe
Path : %temp%

Md5Hash :58110db65d5725edffd5ba26b9e01570 ( 57541 bytes)
File: tmp1.exe
Path : %temp%

Md5Hash :9880080c5ec1819e15dcb254f31c9585 ( 57865 bytes)
File: tmpfile678.exe
Path : %temp%

Md5Hash :f050c1cf7e68cb1b49547e7454340d22 ( 32637 bytes)
File: addon.dat
Path : %userprofile%\application data

File: addono.dat
Path : %userprofile%\application data

Md5Hash :bf62b5a7f4fbe0a99379e6e5798cb032 ( 24830 bytes)
File: addons.dat
Path : %userprofile%\application data

File: ads.dat
Path : %userprofile%\application data

Md5Hash :e952e9b8b756bfba2ccb6d923930c2a6 ( 24877 bytes)
File: config.dat
Path : %userprofile%\application data

Md5Hash :5699dee1836370292362aec81acd94fa ( 25058 bytes)
File: windir32.dat
Path : %userprofile%\application data

Md5Hash :946d62d666431ab026f559c8b594b6cf ( 25021 bytes)
File: msn messeng.exe
Path : %windir%\%system%

File: msn.exe
Path : %windir%\%system%

Md5Hash :8761cb1ebcf15bc56bad5e6b1e3797c5 ( 57979 bytes)
File: msngrs.exe
Path : %windir%\%system%

Md5Hash :
5390d766b0fb9619ba7fdea2fa371a0e ( 57777 bytes)
64406ab91919f5544f8de4e69ccc2f54 ( 57777 bytes)
File: msnmesseng.exe
Path : %windir%\%system%

Md5Hash :c097fa94c6ed8a820e9442df1fba617c ( 57979 bytes)
File: msnmsgr.exe
Path : %windir%\%system%

Md5Hash :
1be6e95f3e8c47555784d4c095f2cb8d ( 57979 bytes)
9e546d3cb6b64b4c1d25c712f43c7bac ( 57979 bytes)
c5e865dcadb83f61375db84f16dde860 ( 57979 bytes)
File: omar.exe
Path : %windir%\%system%

Md5Hash :24d54bf8ce70744fbcf342b51b26be71 ( 57761 bytes)
File: msconfigs.exe
Path : %windir%\config

Md5Hash :eaa801bc7b0259b068341f6f623a2308 ( 59866 bytes)
File: server_out.pr
Path : %windir%\softwareprotector

Md5Hash :3ae6218e51390ad7172960da1e883554 ( 37 bytes)
File: svchost.exe
Path : %windir%\system

Md5Hash :47cb0523ebc95557754214ba751559d2 ( 57824 bytes)
File: ctfmon.exe
Path : %windir%\system32\%system%

Md5Hash :
650ea976b314056eb55d4cf3901df8c3 ( 57852 bytes)
6824b84b20bb17880fdb39f32dba2b7f ( 57852 bytes)
ddd14534f439f6384b7a04a2b2b50d5d ( 57852 bytes)
File: msn messeng.exe
Path : %windir%\system32\%system%

Md5Hash :d6c37667a8858fcb80efac5a93bcc5c9 ( 57953 bytes)
File: tmp32.exe
Path : %windir%

Md5Hash :a934f4f4d1aa477ceac8c6f0370bfd38 ( 32637 bytes)
File: update32.exe
Path : %windir%

Md5Hash :b0cd6a19e9b7b8ea6e098c7ac27e8c64 ( 95634 bytes)
File: [randomname].exe
Path : %workingdir%

File: [randomname].exe /silent /s /s /qn /sp- /passive -s -s
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept, as they are also created by genuine software.
File : desktop.ini
Path : %homepath%\my documents

Md5Hash :869cba0364c55b0c6524419a8b86df88 ( 83 bytes)
File : logg.dat
Path : %programfiles%\anti virus

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %programfiles%\bifrost

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : logg.dat
Path : %programfiles%\bifrost

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %programfiles%\java

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %programfiles%\windows

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 102e9.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 104fc.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1055a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 10615.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 10961.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 10c8e.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 115b5.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 116fd.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1174c.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1178a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 118d2.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 11bff.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 11cf9.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 12ae3.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 12c6a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 12ca8.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 12fb6.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 13534.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 13a35.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 13b7d.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1459f.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 145ed.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 14716.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1491a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 15109.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 155bc.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 15927.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 17412.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 17431.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1821b.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 18538.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1bbe8.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1c60a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1d04b.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1e9fd.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1f49c.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 1f71c.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 21c38.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 22b7b.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 25bd2.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 2d71c.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 2fbfa.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 433af.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 4ac2a.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : 506cd.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : e9a4.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : fada.dmp
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : tmp2.exe
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : tmpfile679.exe
Path : %temp%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %windir%\%system%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %windir%\config

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %windir%\system

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
File : klog.dat
Path : %windir%\system32\%system%

Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)
Creates the following infected registry keys on the user's system
Note:
Delete these registry keys to remove the infection
The following registry values are added to the listed registry keys:
Note:
Delete the added values from the key to remove the infection
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
avhkyxir = "[reg_binary, size: 1064 bytes]"
|__ Value Added :
slcayonv = "[reg_binary, size: 1064 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
klg = "[reg_binary, size: 1 bytes]"
|__ Value Added :
plg1 = "[reg_binary, size: 260 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\bifrost\kakita.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\msn.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\msn messeng.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\omar.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\config\msconfigs.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\system32\%system%\msn messeng.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\msnmesseng.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\bifrost\server.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\windows\firefox s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\anti virus\antivir.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\system32\%system%\ctfmon.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\msnlive\msnlive.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\msngrs.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %programfiles%\bifrost\server.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\%system%\msnmsgr.exe s]"
|__ Value Added :
stubpath = "[reg_expand_sz, value: %windir%\system\svchost.exe s]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
|__ Value Added :
nck = "[reg_binary, size: 16 bytes]"
Also creates the following legitimate registry keys on the user's system, which are also created by genuine software:
Note:
These keys can be kept, as they are also created by genuine software.
The following registry values are added to the listed registry keys and are also created by genuine software:
Note:
These values can be left, as they are also created by legitimate software.
Creates the following child process(es) on execution:

%windir%\explorer.exe

%programfiles%\internet explorer\iexplore.exe

services.exe

Creates the following mutex(es) on the user's system:
lm_omar
0ok3s
hgfsmutex
Copies the following files to the given location:

Copies :%workingdir%\[random name].exe

To : %windir%\system32\%system%\ctfmon.exe

NOTE:

1. %programfiles% refers to the Program Files folder. By default it is 'C:\Program Files'.
2. %temp% refers to the Windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'.
3. %userprofile% refers to the current user's profile folder. By default it is 'C:\Documents and Settings\[user]'.
4. %windir% refers to the Windows root folder. By default it is 'C:\Windows'.
5. %workingdir% refers to the current directory in which the user is working.
6. %allusersprofile% refers to the Windows All Users profile folder. By default it is 'C:\Documents and Settings\All Users'.
7. %homepath% refers to the current user's profile folder. By default it is 'C:\Documents and Settings\[user]'.

Important: We strongly recommend that you back up the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted files. Modify only the malicious/suspicious subkeys.

To modify registry entries in the Windows operating system, follow these steps:
1. Click Start > Run.
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.


© Systweak Inc., 1999-2009 All rights reserved.