Submission Summary:
Submission details:
Submission received: 14 July 2010, 19:47:39
Processing time: 10 min 21 sec
Submitted sample:
File MD5: 0x6FDB2935AFAA00D36D09974C85347060
File SHA-1: 0x0B67DC9A1168B2C25FAD0E2D30651B71E2747E07
Filesize: 43,814 bytes
Summary of the findings:
What's been found Severity Level
Creates a startup registry entry.
Technical Details:
File System Modifications
The following file was created in the system:
File #1
Filename(s): %System%\Bifrost\server.exe [file and pathname of the sample #1]
File Size: 43,814 bytes
File MD5: 0x6FDB2935AFAA00D36D09974C85347060
File SHA-1: 0x0B67DC9A1168B2C25FAD0E2D30651B71E2747E07
Note:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following directory was created:
%System%\Bifrost
Registry Modifications
The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_CURRENT_USER\Software\Bifrost
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}]
stubpath = "%System%\Bifrost\server.exe s"
so that server.exe runs every time Windows starts
[HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost]
nck = ED 1B E6 27 B9 28 D6 32 74 C3 CD 74 FA 93 5B 67
[HKEY_CURRENT_USER\Software\Bifrost]
klg = 00