W32/Cridex


Posted: 2015-12-01 by Admin
File size: 92.0 KB
File type: Win32 EXE
MD5: 0e1e288bdb2883b56c3523a4897f2937
SHA1: 53957bd7364e1d78703f8ba165e7ca3373aed460
SHA256: 2ef8ac01220d4a33d01dd8d1749ae6f03e36aec4e27045d96c5ebec855c9bf13

W32/Cridex arrives as an e-mail attachment. On execution it creates two files:
C:\Documents and Settings\Administrator\Application Data\KB00026291.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\exp1.tmp.bat
KB00026291.exe then writes into the virtual memory of several other running processes (process injection):
Explorer.EXE
ctfmon.exe
msmsgs.exe
reader_sl.exe
wscntfy.exe
DNS requests observed:
updatecheck.co.ua
masterupdate.ru
pianiykrolik.ru
montierco.ru
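As an added example, not part of the original post or its author's tooling, the indicators above can be turned into a small triage script: it hashes a suspect file against the listed digests, checks file-creation and cross-process memory-write events against the dropped paths and injection targets, and scans DNS logs for the four domains. The hashes, paths, process names and domains are taken from the post; the DNS log format, the sample log lines and the (source, target) event shape are constructed assumptions.

```python
# Added triage helper built from the W32/Cridex indicators in this post.
# Not the post author's code. Indicators are from the post; the log format,
# sample log lines and event shapes below are constructed for illustration.
import hashlib
import re

CRIDEX_HASHES = {
    "md5": "0e1e288bdb2883b56c3523a4897f2937",
    "sha1": "53957bd7364e1d78703f8ba165e7ca3373aed460",
    "sha256": "2ef8ac01220d4a33d01dd8d1749ae6f03e36aec4e27045d96c5ebec855c9bf13",
}
CRIDEX_DOMAINS = {"updatecheck.co.ua", "masterupdate.ru", "pianiykrolik.ru", "montierco.ru"}
# Tail fragments of the two dropped files, matched case-insensitively. The Temp
# fragment also covers the 8.3 short-name form (DOCUME~1\...) the post shows.
CRIDEX_DROP_FRAGMENTS = (r"\application data\kb00026291.exe", r"\temp\exp1.tmp.bat")
DROPPER_IMAGE = "kb00026291.exe"
INJECTION_TARGETS = {"explorer.exe", "ctfmon.exe", "msmsgs.exe", "reader_sl.exe", "wscntfy.exe"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory sample."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_file(path: str) -> dict:
    """Same as hash_bytes, but streams a file from disk in 64 KiB chunks."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_cridex_sample(digests: dict) -> bool:
    """One matching digest is enough: all three hashes identify the same 92 KB file."""
    return any(digests.get(algo, "").lower() == value for algo, value in CRIDEX_HASHES.items())


def is_cridex_drop_path(path: str) -> bool:
    """Check a file-creation event's path against the two dropped-file paths."""
    lowered = path.lower()
    return any(fragment in lowered for fragment in CRIDEX_DROP_FRAGMENTS)


def is_suspicious_injection(source_image: str, target_image: str) -> bool:
    """Flag a cross-process memory write from the dropper into one of the listed
    target processes. The (source, target) pair is a constructed event shape, not
    tied to any particular sensor's record format."""
    src = source_image.rsplit("\\", 1)[-1].lower()
    dst = target_image.rsplit("\\", 1)[-1].lower()
    return src == DROPPER_IMAGE and dst in INJECTION_TARGETS


# Any dotted host-like token; IP addresses also match but never hit the indicator set.
_NAME_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b")


def find_cridex_dns(log_text: str) -> list:
    """Scan DNS log lines and return (line_number, indicator) for each hit.
    Subdomains of a listed domain (e.g. www.masterupdate.ru) are reported under the parent."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for token in _NAME_RE.findall(line.lower()):
            for domain in CRIDEX_DOMAINS:
                if token == domain or token.endswith("." + domain):
                    hits.append((lineno, domain))
                    break
    return hits


# Constructed sample DNS log (not from the post): timestamp, client, record type, queried name.
SAMPLE_DNS_LOG = """\
2015-12-01 10:03:12 192.168.1.23 A masterupdate.ru
2015-12-01 10:03:14 192.168.1.23 A www.microsoft.com
2015-12-01 10:04:01 192.168.1.23 A www.pianiykrolik.ru
2015-12-01 10:04:05 192.168.1.23 A updatecheck.co.ua
"""

if __name__ == "__main__":
    print(find_cridex_dns(SAMPLE_DNS_LOG))
    print(is_suspicious_injection(
        r"C:\Documents and Settings\Administrator\Application Data\KB00026291.exe",
        r"C:\WINDOWS\Explorer.EXE"))
```

To check a real sample, call `matches_cridex_sample(hash_file(path))`; the hash match confirms this exact build only, while the path, injection and DNS checks also catch repacked variants that keep the same dropper behaviour.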
This is only a brief overview; a detailed analysis will follow.