w32_spyware2.ex_ : W32/Spyware
====> Sandbox output:
[ DetectionInfo ]
* Sandbox name: W32/Spyware
* Signature name: NO_VIRUS
[ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File might be compressed.
* Decompressing FSG.
* Display message box (NULL) : out=charlotte.bjorno@no.abb.comhanne.jensen@bergen.netlinda@zolong.comhanne.johnsen@colorline.nokarin.vestnes@fredolsen.noberit.soe@c2i.netlise.dalen.mcmahon@md.dep.nolisedalen@c2i.netkan@eunet.noVRS@avantor.nokan@norman.no
* File length: 3524 bytes.
* MD5 hash: b4334159f69a3f7265893b6590c34edb.
[ Changes to filesystem ]
* Creates file C: empole320.
* Creates file C:\a.bat.
[ Changes to registry ]
* Creates key "HKCU\Software\ghghckmkjh".
* Sets value "ghghckmkjh"="" in key "HKCU\Software\ghghckmkjh".
[ Network services ]
* Connects to "".
* Sends a request: POST .
[ Security issues ]
* Will uppload harvested email addresses to Internet site.
[ Process/window information ]
* Attemps to open c:\a.bat "c:\sample.exe".
[ Signature Scanning ]
* C: empole320 (402 bytes) : no signature detection.
* C:\a.bat (38 bytes) : no signature detection.