Gen.Variant.Strictor.34937_fd029c3f25

by malwarelabrobot on January 28th, 2014 in Malware Descriptions.

Gen:Variant.Strictor.34937 (BitDefender), Gen:Variant.Strictor.34937 (B) (Emsisoft), Gen:Variant.Strictor.34937 (FSecure), Gen:Variant.Strictor.34937 (AdAware), Trojan-PSW.Win32.MSNPassword.FD (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan


This description has been automatically generated by the Lavasoft Malware Analysis System and may contain incomplete or inaccurate information.


MD5: fd029c3f25bb9b87639e6e5b346d4ab0
SHA1: f30a592d411fc252e102316cae02df80c5a3e029
SHA256: 22e76c29d6b4bc9029a973c8b3951f1a42f208d4503f80c9c95022a713d1a0f8
SSDeep: 6144:Xc9cflNq1a5Y633qfpFZmtrUUMXyCff4f:sKflNqr6HspFCUzO
Size: 729088 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: StarApp
Created at: 2013-11-06 12:44:49
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-PSW: a Trojan program intended for stealing users' passwords.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

%original file name%.exe:1068

The Trojan injects its code into the following process(es):
No processes have been created.

File activity

The process %original file name%.exe:1068 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\byteFirewall.dat (253184 bytes)

Registry activity

The process %original file name%.exe:1068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 BE 50 9C B6 4C 9C D3 4A E9 64 7C F2 C1 91 E7"

Network activity (URLs)

No activity has been detected.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\byteFirewall.dat", the Trojan replaces the IRP handlers of the devices belonging to the tcpip.sys driver, hooking the following major function codes:

MJ_CREATE
MJ_CREATE_NAMED_PIPE
MJ_CLOSE
MJ_READ
MJ_WRITE
MJ_QUERY_INFORMATION
MJ_SET_INFORMATION
MJ_QUERY_EA
MJ_SET_EA
MJ_FLUSH_BUFFERS
MJ_QUERY_VOLUME_INFORMATION
MJ_SET_VOLUME_INFORMATION
MJ_DIRECTORY_CONTROL
MJ_FILE_SYSTEM_CONTROL
MJ_DEVICE_CONTROL
MJ_INTERNAL_DEVICE_CONTROL
MJ_SHUTDOWN
MJ_LOCK_CONTROL
MJ_CLEANUP
MJ_CREATE_MAILSLOT
MJ_QUERY_SECURITY
MJ_SET_SECURITY
MJ_POWER
MJ_SYSTEM_CONTROL
MJ_DEVICE_CHANGE
MJ_QUERY_QUOTA
MJ_SET_QUOTA

Propagation


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Scan a system with an anti-rootkit tool.
  2. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:1068

  3. Delete the original Trojan file.
  4. Delete or disinfect the following files created/modified by the Trojan:

    %System%\byteFirewall.dat (253184 bytes)

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
