ThreatScope Analysis Report

For file KLM-e-Ticket.pdf.exe uploaded 2012-09-17 at 08:14:15 AM

Threat level: Suspicious

This file is suspicious. Monitor communications from any machine that has run the file to detect suspicious behavior.

Threat Assessment

Drops executable file(s)

Adds a registry key to automatically start an executable when the system starts

Screenshots: None

File details:

Hash MD5: 09fc629dd6efbea1e98136c9e7d19917

Hash SHA-1: 62bd7e2c17d7f14d455111b3a1be63bdadc4eee5

Hash SHA-256: fa4e10dfadcf590060870d7974b81f648f78626d49785e780a26672b2728cedc

File size: 61.00 KB

File uploaded: 2012-09-17 08:14:15 AM

Report created: 2012-09-17 08:15:55 AM

Technical Details

Requested HTTP URLs


No HTTP communications were detected.

Resolved hostnames


DNS was not used to resolve any hostnames.

IP addresses


No IP addresses were requested.

File system modifications

The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.

| Event | File path |
| --- | --- |
| Creates file | c:\Documents and Settings\All Users\svchost.exe |
| Writes file | c:\Documents and Settings\All Users\svchost.exe |

Process modifications

The analyzed file affected the following system processes.

| Event | File path |
| --- | --- |
| Creates process | Sample started |

Registry

The analyzed file made the following changes to the Windows Registry. Malicious files often alter the registry to ensure that the malicious software runs at system startup.

| Event | Key | Value |
| --- | --- | --- |
| Changes value | HKLM\software\microsoft\windows\currentversion\run | Data: C:\Documents and Settings\All Users\svchost.exe |

Global system events


No global system events were detected.

Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.