Tech news, tips, tricks & tutorials

  • Malware Analysis: Havij_Load.exe

    Is Havij_Load.exe a virus?

    After hearing this question from numerous readers, I've decided to post an in-depth report on Havij_Load.exe. In plain terms, it is not an infection itself, but it can be bundled with malware. Here we're examining the original file.


    This file was executed on Windows 7 under administrator privileges.

    Actions:

    No alarming behaviour: it does not delete or modify system files.

    Creates the folder 'C:\Windows\SysWOW64\HavijPro\' and places non-infected files in it.

    OCX files are registered.


    Registry is not affected.

    No startup entries or IFEO (Image File Execution Options) hijacks are created.

    Size
    File size: 24241 bytes (23.67 KB)

    Hashes
    MD5: C54226211F2A5C979BA14B7B8D3C6B3A
    SHA-1: 5D36A6C38DB9F6A25B6D975FE867C19CBE678101

    Created files:
    • %SysDir%\HavijPro\columns.txt
    • %SysDir%\HavijPro\Havij.exe
    • %SysDir%\HavijPro\Havij_Load.exe
    • %SysDir%\HavijPro\Help.chm
    • %SysDir%\HavijPro\Read Me.txt

    Autostart registry keys:

      HKLM\Software\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\: “%SysDir%\Mswinsck.ocx”
      HKLM\Software\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\: “%SysDir%\Mswinsck.ocx”
      HKLM\Software\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32\: “%SysDir%\RICHTX32.OCX”
      HKLM\Software\Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32\: “%SysDir%\MSINET.OCX”
      HKLM\Software\Classes\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\InprocServer32\: “%SysDir%\MSINET.OCX”
      HKLM\Software\Classes\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\InprocServer32\: “%SysDir%\MSINET.OCX”
      HKLM\Software\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32\: “%SysDir%\RICHTX32.OCX”
      HKLM\Software\Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32\: “%SysDir%\TABCTL32.OCX”
      HKLM\Software\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32\: “%SysDir%\RICHTX32.OCX”
      HKLM\Software\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32\: “%SysDir%\RICHTX32.OCX”
      HKLM\Software\Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32\: “%SysDir%\TABCTL32.OCX”
      HKLM\Software\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
      HKLM\Software\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
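The entries listed above are COM InprocServer32 registrations, the registry footprint behind "OCX files are registered". As an added example (not code from the original post), the Python snippet below parses lines in the report's format, groups the CLSIDs by the OCX that serves them, and flags any server path that resolves outside %SysDir%, which is the check an analyst applies to such a listing; the sample input is constructed from three lines of the report plus one hypothetical entry with a placeholder CLSID.

```python
import re
from collections import defaultdict

# Matches one line of the report's registry listing:
#   HKLM\Software\Classes\CLSID\{GUID}\InprocServer32\: “<path>”
LINE_RE = re.compile(
    r'^HKLM\\Software\\Classes\\CLSID\\\{(?P<clsid>[0-9A-Fa-f-]{36})\}'
    r'\\InprocServer32\\:\s*[“"](?P<path>[^”"]+)[”"]\s*$'
)

# Constructed sample: three lines copied from the report above plus one
# hypothetical entry (placeholder CLSID) pointing at a user-writable folder.
SAMPLE = r"""
HKLM\Software\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32\: “%SysDir%\MSCOMCTL.OCX”
HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32\: “%SysDir%\Mswinsck.ocx”
HKLM\Software\Classes\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32\: “%SysDir%\RICHTX32.OCX”
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\: “%AppData%\example\unsigned.dll”
"""


def parse_registrations(text):
    """Return {CLSID: server path} for every InprocServer32 line found."""
    regs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            regs[m.group("clsid").upper()] = m.group("path")
    return regs


def group_by_server(regs):
    """Map each server file (lower-cased basename) to the CLSIDs it serves."""
    by_file = defaultdict(list)
    for clsid, path in regs.items():
        by_file[path.rsplit("\\", 1)[-1].lower()].append(clsid)
    return dict(by_file)


def suspicious_servers(regs, trusted_prefixes=("%SysDir%\\",)):
    """CLSIDs whose in-process server lives outside a trusted directory.

    A COM class whose server resolves to a user-writable location is a
    classic COM-hijack indicator and deserves review; every entry in the
    report above passes this check because all point into %SysDir%.
    """
    return {c: p for c, p in regs.items() if not p.startswith(trusted_prefixes)}
```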

    • Overall Rating: 100% safe
