Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:TR/Crypt.Xpack.47754
Date discovered:24/08/2013
Type:Trojan
In the wild:No
Reported Infections:Medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:117.032 Bytes
MD5 checksum:122BB892BEAFE9FDDAD9E9397474380B
VDF version:7.11.97.248 - Saturday, August 24, 2013
IVDF version:7.11.97.248 - Saturday, August 24, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: Artemis!122BB892BEAF
   •  Sophos: Troj/Agent-ADGV
     Avast: Win32:Injector-BJP [Trj]
     AVG: Win32/Cryptor
   •  Grisoft: Win32/Cryptor
   •  Eset: Win32/PSW.Fareit.A
AhnLab: Trojan/Win32.Inject
     DrWeb: Trojan.PWS.Stealer.1932


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
   • Drops a malicious file
   • Registry modification
   • Steals information
   • Pricetrap function - user is fooled into making a costly subscription


Right after execution the following information is displayed:


 Registry The following registry key is added:

[HKCU\Software\WinRAR]
   New value:
   • "HWID"=%hex values%

 File details Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX V2.00-V2.90


Compilation date:
Date: 23/08/2013

Description inserted by Alexander Bauer on Sunday, August 25, 2013
Description updated by Alexander Bauer on Sunday, August 25, 2013

Back . . . .