Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Malware Dropper
- System Back Door
File Behavior
TEST1.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Looks at the contents of the autoexec.bat file
- Reads email address and phone book details
- Uses DNS to retrieve the IP address for web sites
- Uses your PC to connect to Chat rooms
- The Process is polymorphic and can change its structure
- Executes a Process
- This process creates other processes on disk
- Terminates Processes
TEST1.EXE has been the subject of the following behavior:
- Created as a process on disk
- Deleted as a process from disk
- Executed as a Process
- Added as a Registry auto start to load Program on Boot up
- Copied to multiple locations on the system
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
- Downloaded from covert web sites without the user knowing
- This program is often downloaded from the web
- Created by processes which appear to be checking for interception by security products
- Registered as a Dynamic Link Library File
Country Of Origin
The filename TEST1.EXE was first seen on Sep 30 2007 in the following geographical regions of the Prevx community:
- The EUROPEAN UNION on Sep 30 2007
- The UNITED STATES on Jan 26 2008
- SERBIA AND MONTENEGRO on Feb 12 2008
- SPAIN on Jul 10 2008
- BELGIUM on Jul 10 2008
File Name Aliases
TEST1.EXE can also use the following file names:
- 16727571.EXE
- SETUP_VER1.1427.0[n].EXE
- CB2[n].EXE
- SETUP_VER1.1427.0.EXE
- JWXUJOBD.EXE
- JQKUCEMN.EXE
- HREPXO.EXE
- AGALJO.EXE
- CYJFNOYW.EXE
- ZFUJTXHZ.EXE
- YXTMJKBW.EXE
- SZJWCBXX.EXE
- PJGB.EXE
- AMWGK.EXE
- DNPVQ.EXE
- USBHELP.EXE
- 52306926.EXE
- 4436.EXE
- 81317837.EXE
- 30189645.EXE
- 44977829.EXE
- 84140372.EXE
Filesizes
The following file size has been seen:
- 2,102,338 bytes
- 108,162,943 bytes
- 567,808 bytes
- 273,970 bytes
- 16,384 bytes
- 194,345 bytes
- 655,360 bytes
- 571,221 bytes
File Type
The filename TEST1.EXE is used by multiple object types including objects,executable programs,objects,objects.
File Activity
One or more files with the name TEST1.EXE creates, deletes, copies or moves the following files and folders:
- Creates c:\docume~1\user\locals~1\temp\77bc_appcompat.txt
- Creates c:\docume~1\user\locals~1\temp\174EC.dmp
- Opens/modifes c:\autoexec.bat
- Copies filec:\windows\system32\test1.exe to \Program Files\LimeWire\Shared
- Copies filec:\windows\system32\test1.exe to \Program Files\eDonkey2000\incoming
- Copies filec:\windows\system32\test1.exe to \Program Files\KAZAA
- Copies filec:\windows\system32\test1.exe to \Program Files\Morpheus\My Shared Folder\
- Copies filec:\windows\system32\test1.exe to \Program Files\BearShare\Shared\
- Copies filec:\windows\system32\test1.exe to \Program Files\ICQ\Shared Files\
- Copies filec:\windows\system32\test1.exe to \Program Files\Grokster\My Grokster\
- Copies filec:\windows\system32\test1.exe to \My Downloads\
Network Activity
One or more files with the name TEST1.EXE performs the following network events:
- DNS Lookup193.41.214.130 mgmg.dnsalias.com
Website Activity
One or more files with the name TEST1.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- TCP:193.41.214.130:1066 Port:16
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.