w32_downloader1.ex_               : W32/Downloader
====> Sandbox output:

 [ DetectionInfo ]
    * Sandbox name: W32/Downloader
    * Signature name: NO_VIRUS

 [ General information ]

    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.

    * File length:        32413 bytes.

    * MD5 hash: 7aa6ea653e67637dfbf987f481457fff.

 [ Changes to filesystem ]

    * Deletes file C:WINDOWSTEMPac3275.exe.

    * Creates file C:WINDOWSTEMPac3275.exe.

 [ Changes to registry ]

    * Sets value "dmix"="" in key "HKLMSoftwareMicrosoftWindowsCurrentVersion".

    * Creates value "scrbmk"=""C:SAMPLE.EXE"" in key "HKLMSoftwareMicrosoftWindowsCurrentVersionRun".

    * Sets value "Dvalx"="A" in key "HKLMSoftwareMicrosoftWindowsCurrentVersion".

 [ Changes to system settings ]

    * Enumerates RAS devices.

 [ Network services ]

    * Downloads file from http://200.73.174.182/5/x.y as C:WINDOWSTEMPac3275.exe.

 [ Security issues ]

    * Starting downloaded file - potential security problem.

 [ Process/window information ]

    * Will automatically restart after boot (I'll be back...).

 [ Signature Scanning ]

    * C:WINDOWSTEMPac3275.exe (4096 bytes) : no signature detection.