ThreatScope Analysis Report
For file KLM-e-Ticket.pdf.exe uploaded 2012-09-17 at 08:14:15 AM
Threat level: Suspicious
This file is suspicious. Monitor communications from any machine that has run the file to detect suspicious behavior.
Threat | Assessment
---|---
Drops executable file(s) |
Adds a registry key to automatically start an executable when the system starts |
Screenshots: None
File details:
Detail | Value
---|---
Hash MD5 | 09fc629dd6efbea1e98136c9e7d19917
File size | 61.00 KB
Hash SHA-1 | 62bd7e2c17d7f14d455111b3a1be63bdadc4eee5
File uploaded | 2012-09-17 08:14:15 AM
Hash SHA-256 | fa4e10dfadcf590060870d7974b81f648f78626d49785e780a26672b2728cedc
Report created | 2012-09-17 08:15:55 AM
Technical Details
Requested HTTP URLs
No HTTP communications were detected.
Resolved hostnames
DNS was not used to resolve any hostnames.
IP addresses
No IP addresses were requested.
File system modifications
The analyzed file changes the following items in the file system. This type of change can be performed by both malicious and benign files.
Event | File path
---|---
Creates file | c:\Documents and Settings\All Users\svchost.exe
Writes file | c:\Documents and Settings\All Users\svchost.exe
Process modifications
The analyzed file affected the following system processes.
Event | File path
---|---
Creates process | Sample started
Registry
The analyzed file made the following changes to the Windows Registry. Malicious files often alter the registry to ensure that the malicious software runs at system startup.
Event | Key | Value
---|---|---
Changes value | HKLM\software\microsoft\windows\currentversion\run | Data: C:\Documents and Settings\All Users\svchost.exe
Global system events
No global system events were detected.
Forcepoint has made an effort to determine if your submission is malicious; however, Forcepoint cannot guarantee the accuracy of the result.
Copyright © 2024 Forcepoint, Inc. All rights reserved