Virus Profile:W32/Almanahe.b

Risk Assessment:	Home Low \| Corporate Low
Date Discovered:	4/1/2013
Date Added:	7/12/2013
Origin:	Unknown
Length:	48640
Type:	Virus
Subtype:	Win32
DAT Required:	7031

This is a Virus

File Properties	Property Values
Amzkomp Detection	W32/Almanahe.b
Length	48640 bytes
MD5	215f9064eb731688713a2111ff9a27bd
SHA1	62b34e208db7bea62a5be5e5927eaa9abd8d0039

Other Common Detection Aliases

Company Names	Detection Names
ahnlab	Win32/Alman
avast	Win32:Alman
AVG (GriSoft)	Win32/Alman
avira	W32/Almanahe.a
Kaspersky	Virus.Win32.Alman.a
BitDefender	Generic.IRCBot.87E052BB
clamav	W32.Alman.cd-1
Dr.Web	Win32.Alman.2
F-Prot	W32/Alman.D
FortiNet	W32/Alman.DB
Microsoft	trojan:win32/almanahe.a.dll
Symantec	W32.Spybot.Worm
Eset	Win32/Alman.A virus
norman	Agent.VEHZ
panda	W32/Almanahe.b
rising	Win32.Almanahe.C
Sophos	W32/Alman-B
Trend Micro	PE_ALMANAHE.A
vba32	Virus.Alman.a
V-Buster	Win32.Agent.HAC
Vet (Computer Associates)	Win32/Almanahe.C

Other brands and names may be claimed as the property of others.

Activities	Risk Levels
Enumerates many system files and directories.
Adds or modifies a COM object.
Adds or modifies Internet Explorer cookies
No digital signature is present

Amzkomp Scans	Scan Detections
Amzkomp Security Essentials	W32/Almanahe.b

System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following files were analyzed:

62B34E208DB7BEA62A5BE5E5927EAA9ABD8D0039

	The following files have been added to the system:
	%WINDIR%\AppPatch\deamon.dll %WINDIR%\img4851.zip %WINDIR%\c_095.nls %WINDIR%\winnt.exe

The following files have been added to the system:

%WINDIR%\AppPatch\deamon.dll

%WINDIR%\img4851.zip

%WINDIR%\c_095.nls

%WINDIR%\winnt.exe

	The following files were temporarily written to disk then later removed:
	C:\a.bat

	The following registry elements have been created:
	HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\ HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\

The following registry elements have been created:

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\

	The following registry elements have been changed:
	HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\THREADINGMODEL = Apartment HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AUDIO DEVICE MANAGER = WinNT.exe

The following registry elements have been changed:

HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{C111980D-B372-44B4-8095-1B6060E8C647}\INPROCSERVER32\THREADINGMODEL = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\AUDIO DEVICE MANAGER = WinNT.exe

Amzkomp Virus Information

Amzkomp Security Essentials Version 1.0.1

Amzkomp Security Essentials Version 1.0.1

Amzkomp Security Essentials Version 1.0.1

Amzkomp Security Essentials Version 1.0.1

Amzkomp Security Essentials Version 1.0.1

Amzkomp Security Essentials Version 1.0.1

Rabu, 11 Desember 2013

W32/almanahe.b

Virus Profile:W32/Almanahe.b

0 komentar:

Posting Komentar

Most Viewed

Mengenai Saya

Arsip Blog

Blog Archive

Blogroll

About