TrojanSpy:Win64/Ursnif.A

Topic locked

#14873 by thisisu
Wed Jul 25, 2012 11:25 pm

Hello, I'm looking for the following file with MD5: 7B1C08BCBD6F75EE924448CF1015E5C6

Creation and modification date: 2012-07-21 11:28 - 2012-07-21 11:28
Size: 0062464
Attributes: ---AC
Company Name: FRISK Software International
Internal Name: F-PROT
Original Name: FPROT.DLL
Product Name: F-PROT Antivirus
Description: F-PROT Antivirus
File Version: 3.6.2
Product Version: 3.6.2
Copyright: FRISK Software International, 1993-2012

Code: Select all

[SUSP PATH] HKCU\[...]\Run : findSTAT (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKCU\[...]\Run : cmstcaui (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand64.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1833796289-1936695377-2858367867-1000[...]\Run : findSTAT (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand.dll",CreateProcessNotify) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1833796289-1936695377-2858367867-1000[...]\Run : cmstcaui (rundll32 "C:\Users\Tiffany\AppData\Local\Temp\dllhpand64.dll",CreateProcessNotify) -> FOUND

Thank you.

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact

Re: Malware Requests, part 2

#14874 by thisisu
Thu Jul 26, 2012 12:53 am

thisisu wrote:Hello, I'm looking for the following file with MD5: 7B1C08BCBD6F75EE924448CF1015E5C6

I got the user to upload it, please disregard my request

http://forums.majorgeeks.com/showpost.p ... stcount=10