Virus: TR/Obfuscate.XY.638
Date discovered: 09/06/2012
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
File size: 553.984 Bytes
MD5 checksum: 07760Dbcec937dbd6268d03ef3858474
VDF version: 7.11.32.104 - Saturday, June 9, 2012
IVDF version: 7.11.32.104 - Saturday, June 9, 2012

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: Generic
   •  Bitdefender: Gen:Variant.Zusy.2962
   •  Eset: probably a variant of Win32/Obfuscated.HZDTWDU trojan
   •  GData: Gen:Variant.Zusy.2962
   •  Norman: Trojan W32/Troj_Generic.CENIE


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Miscellaneous
In order to check for its internet connection the following DNS servers are contacted:


Checks for an internet connection by contacting the following web sites:
   • http://www.**********esperu.webs.com/rotadores/**********dor1.txt
   • http://www.**********esperu.webs.com/rotadores/**********dor2.txt
   • http://www.**********esperu.webs.com/rotadores/**********dor3.txt
   • http://www.**********esperu.webs.com/rotadores/**********dor4txt


Event handler:
It creates the following Event handlers:
   • getprotobyname
   • TaskbarCreated
   • TDragDropEvent
   • TDragOverEvent
   • TKeyPressEvent
   • OnMouseDownp
   • gethostname
   • closesocket
   • TMouseEvent
   • ScreenSnap


String:
Furthermore it contains the following strings:
   • KEEP-ALIVE
   • HELO

File details
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • ASProtect

Description inserted by Wensin Lee on Thursday, July 26, 2012
Description updated by Wensin Lee on Thursday, July 26, 2012
