cdnews2010.com (malware hosted with Brazil Comite Gestor Da Internet No Brasil)

DNS Lookup
Host Name IP Address
cdnews2010.com 187.17.98.13
Download URLs
http://187.17.98.13/cpic1.jpg (cdnews2010.com)
http://187.17.98.13/cpic2.jpg (cdnews2010.com)
http://187.17.98.13/cpic3.jpg (cdnews2010.com)
http://187.17.98.13/cpic4.jpg (cdnews2010.com)

Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80

Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USER\Software\Enigma Protector\29AEB4A0365755F6-B862CAE984EA4D0E\2F01F553A112DCE-00C9DB38C18D5FD1 “8BD0F9B1” = [REG_BINARY, size: 14 bytes]
HKEY_CURRENT_USER\Software\Enigma Protector\29AEB4A0365755F6-B862CAE984EA4D0E “Options” = [REG_BINARY, size: 112 bytes]
Reads HKEY_CURRENT_USER\Software\Enigma Protector\29AEB4A0365755F6-B862CAE984EA4D0E “Options”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”

File Changes by all processes
New Files c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C
c:\windows\avg.exe
\Device\RasAcd
c:\windows\mcitane.exe
c:\windows\atualiza.exe
c:\windows\msnmgt.exe
Opened Files \\.\Scsi0:
c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C
c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C
Deleted Files
Chronological Order Find File: c:\debts.scr
Find File: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp
Find File: C:\DOKUME~1\ADMINI~1\LOKALE~1
Find File: C:\DOKUME~1\ADMINI~1
Find File: C:\DOKUME~1
Find File: C:\DOKUME~1
Find File: C:\Dokumente und Einstellungen\ADMINI~1
Find File: C:\Dokumente und Einstellungen\Administrator\LOKALE~1
Find File: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
Find File: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp
Get File Attributes: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp Flags: (SECURITY_ANONYMOUS)
Open File: \\.\Scsi0: (OPEN_EXISTING)
Open File: c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C (OPEN_EXISTING)
Open File: c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C (TRUNCATE_EXISTING)
Get File Attributes: c:\dokumente und einstellungen\administrator\lokale einstellungen\temp Flags: (SECURITY_ANONYMOUS)
Create/Open File: c:\dokumente und einstellungen\administrator\lokale einstellungen\temp\80EB2F5C (OPEN_ALWAYS)
Create File: c:\windows\avg.exe
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Create File: c:\windows\mcitane.exe
Create File: c:\windows\atualiza.exe
Create File: c:\windows\msnmgt.exe

Info about hosting:
http://whois.domaintools.com/187.17.98.13
