Associated Malware Groups
The filename is associated with the malware groups:
File Behavior
SETUP_351_6777_[n].EXE has been seen to perform the following behavior:
- Can communicate with other computer systems using HTTP protocols
- Writes to another Process's Virtual Memory (Process Hijacking)
- Adds products to the system registry
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Creates system tray popups, messages, errors and security warnings
- Visits web sites on your PC without you knowing
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
SETUP_351_6777_[n].EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Has code inserted into its Virtual Memory space by other programs
- Executed as a Process
- Created as a process on disk
- Deleted as a process from disk
- Executed by Internet Explorer
- Terminated as a Process
Country Of Origin
The filename SETUP_351_6777_[n].EXE was first seen on Oct 19 2008 in the following geographical regions of the Prevx community:
- SPAIN on Oct 19 2008
- The EUROPEAN UNION on Oct 19 2008
- The UNITED STATES on Oct 21 2008
File Name Aliases
SETUP_351_6777_[n].EXE can also use the following file names:
- 57871001.EXE
- 70871497.EXE
- SETUP_100783_6777_[n].EXE
- 34851629.EXE
- SETUP_351_6777_.EXE
- SETUP_204_6777_[n].EXE
- SETUP_244_3777_[n].EXE
- SETUP_377_3777_[n].EXE
- SETUP_10271_3777_.EXE
- 51592555.DAT
- SETUP_10178_6777_[n].EXE
- SETUP_1_2777_.EXE
- SETUP_100543_3777_.EXE
- 57340778.SVD
- SETUP_10299_3777_[n].EXE
- SETUP_246_3777_[n].EXE
- 99930057.EXE
- SETUP_241_3777_[n].EXE
- SETUP_10069_3777_[n].EXE
Filesizes
The following file size has been seen:
- 111,616 bytes
- 112,640 bytes
- 25,611 bytes
- 122,880 bytes
File Type
The filename SETUP_351_6777_[n].EXE refers to many versions of an executable program.
File Activity
One or more files with the name SETUP_351_6777_[n].EXE creates, deletes, copies or moves the following files and folders:
- Opens/modifes c:\autoexec.bat
Website Activity
One or more files with the name SETUP_351_6777_[n].EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- int .vbvyu .com / stat .php?func=installrun&id=3&landing=-1&lang=EN
- Port 80 IP:193.142.244.203
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.