Worm.Brontok

By GoldSparrow in Worms

Translate To:

Threat Scorecard

Ranking:	1,908
Threat Level:	50 % (Medium)
Infected Computers:	56,931

First Seen:	July 24, 2009
Last Seen:	April 18, 2024
OS(es) Affected:	Windows

Worm.Brontok is a mass mailing worm that is spread through an email attachment. The subject of the infected email will be either "Fotoku yg Paling Cantik" or "My Best Photo". The Worm.Brontok's email text reads:

From: "angelina_ph@[recipientâ€™s domain]" or "jennifer_sh@[recipientâ€™s domain]"

Subject: "Fotoku yg Paling Cantik" or "My Best Photo"

Message text:

"Hi,

Aku lg iseng aja pengen kirim foto ke kamu.

Jangan lupain aku ya !.

Thanks"

"Hi,

I want to share my photo with you.

Wishing you all the best.

Regards,"

Attachment name: Photo.zip

Once the Worm.Brontok file is executed it replicates itself to Windows system folder and to other folders such as:

csrss.exe

inetinfo.exe

lsass.exe

services.exe

smss.exe

norBtok.exe

cvt.exe

IDTemplate.exe

3D Animation.scr

A.kotnorB.com

Empty.pif

KANGEN.EXE

winlogon.exe

The Worm.Brontok also changes the registry run section so it may load automatically on subsequent startups. Below are the registry modifications:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Tok-Cirrhatus = "%UserProfile%\Application Data\smss.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Bron-Spizaetus = "%Windows%\INF\norBtok.exe"

Worm.Brontok can disable the user's system registry tools and the command line (cmd.exe) in order to avoid detection and to make manual removal difficult. Worm.Brontok is a malicious worm and should be removed from the users PC immediately.

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software	Detection
TrendMicro	WORM_RONTOKBRO.H
Sophos	W32/Brontok-DB
Panda	W32/Brontok.CX.worm
NOD32	Win32/Brontok.G
Microsoft	Worm:Win32/Brontok@mm
Fortinet	W32/Rontokbro.H@mm
eTrust-Vet	Win32/Robknot.H
DrWeb	BackDoor.Generic.2341
Comodo	Worm.Win32.Brontok.G
ClamAV	Worm.Brontok.Y
BitDefender	Worm.Generic.73749
Avast	Win32:Rontokbr-H2
Authentium	W32/Brontok.D@mm
AntiVir	Worm/Rontok.D
AhnLab-V3	Win-Trojan/Xema.variant

SpyHunter Detects & Remove Worm.Brontok

File System Details

Worm.Brontok may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	NetMailTmp.bin	c943ae4292f2ea5d3a9fea05d9af4039	26,360
Name: NetMailTmp.bin MD5: c943ae4292f2ea5d3a9fea05d9af4039 Size: 51B (51 bytes) Detections: 26,360 Type: Binary File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Local\NetMailTmp.bin Group: Malware file Last Updated: April 18, 2024
2.	Bron.tok.A8.em.bin	7b41ac483cfde60a7467a338d8f76175	6,248
Name: Bron.tok.A8.em.bin MD5: 7b41ac483cfde60a7467a338d8f76175 Size: 6.75 KB (6751 bytes) Detections: 6,248 Type: Binary File Path: %SystemDrive%\Documents and Settings\sona\Local Settings\Application Data Group: Malware file Last Updated: July 21, 2016
3.	sempalong.exe	181ac164444c9d56b22507e7f7d258a6	3,454
Name: sempalong.exe MD5: 181ac164444c9d56b22507e7f7d258a6 Size: 49.15 KB (49152 bytes) Detections: 3,454 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
4.	bronstab.exe	14e039f1d469c0a1e05b3a9aea370f41	349
Name: bronstab.exe MD5: 14e039f1d469c0a1e05b3a9aea370f41 Size: 322.96 KB (322965 bytes) Detections: 349 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
5.	sempalong.exe	27cf6bbe068dac970c7f9c7eb5768aaa	233
Name: sempalong.exe MD5: 27cf6bbe068dac970c7f9c7eb5768aaa Size: 270.02 KB (270026 bytes) Detections: 233 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
6.	bronstab.exe	24a16f71bad9e8ae83246abea4ac4a66	154
Name: bronstab.exe MD5: 24a16f71bad9e8ae83246abea4ac4a66 Size: 127.48 KB (127488 bytes) Detections: 154 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
7.	sempalong.exe	4c0c85d815a2dc079bb21c7f31950f58	60
Name: sempalong.exe MD5: 4c0c85d815a2dc079bb21c7f31950f58 Size: 123.39 KB (123392 bytes) Detections: 60 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
8.	RakyatKelaparan.exe	cddb5bd741c5e40d515ac0fd49c558fa	34
Name: RakyatKelaparan.exe MD5: cddb5bd741c5e40d515ac0fd49c558fa Size: 126.97 KB (126976 bytes) Detections: 34 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
9.	sempalong.exe	dd751f23e4146922ba02d4eed1e1ad6a	31
Name: sempalong.exe MD5: dd751f23e4146922ba02d4eed1e1ad6a Size: 211.45 KB (211456 bytes) Detections: 31 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
10.	bronstab.exe	69c0f1dcbee67fe99fbb571b61761f43	30
Name: bronstab.exe MD5: 69c0f1dcbee67fe99fbb571b61761f43 Size: 130.56 KB (130560 bytes) Detections: 30 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: November 17, 2016
11.	sempalong.exe	0b0f915ac3aae72ce408cf976d91fdf2	30
Name: sempalong.exe MD5: 0b0f915ac3aae72ce408cf976d91fdf2 Size: 102.91 KB (102912 bytes) Detections: 30 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
12.	sempalong.exe	a6c7b2e3c8db29ccab3baa206329713f	25
Name: sempalong.exe MD5: a6c7b2e3c8db29ccab3baa206329713f Size: 151.04 KB (151040 bytes) Detections: 25 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
13.	sempalong.exe	1e1ae4a10fd99320db3c9a9158d6071a	24
Name: sempalong.exe MD5: 1e1ae4a10fd99320db3c9a9158d6071a Size: 114.17 KB (114176 bytes) Detections: 24 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
14.	sempalong.exe	99644a26400105721817196f958c3a17	23
Name: sempalong.exe MD5: 99644a26400105721817196f958c3a17 Size: 237.05 KB (237056 bytes) Detections: 23 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
15.	sempalong.exe	69d08df1444e33e4d6934f7ab44034bf	22
Name: sempalong.exe MD5: 69d08df1444e33e4d6934f7ab44034bf Size: 2.16 MB (2162688 bytes) Detections: 22 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
16.	sempalong.exe	66573046fb8f3c7e179b4dbd6fa9ec84	22
Name: sempalong.exe MD5: 66573046fb8f3c7e179b4dbd6fa9ec84 Size: 163.32 KB (163328 bytes) Detections: 22 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
17.	sempalong.exe	b090fdfc4942fc1c9191c48ac537e95f	21
Name: sempalong.exe MD5: b090fdfc4942fc1c9191c48ac537e95f Size: 355.53 KB (355530 bytes) Detections: 21 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
18.	sempalong.exe	9a6aedf8ad4514c3be627996845a51c4	16
Name: sempalong.exe MD5: 9a6aedf8ad4514c3be627996845a51c4 Size: 159.23 KB (159232 bytes) Detections: 16 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
19.	sempalong.exe	fa92ffcbfb0b56be12fd6b0b03482cca	12
Name: sempalong.exe MD5: fa92ffcbfb0b56be12fd6b0b03482cca Size: 123.39 KB (123392 bytes) Detections: 12 Type: Executable File Path: %WINDIR%\ShellNew Group: Malware file Last Updated: April 13, 2017
20.	sempalong.exe	7f51a975f282d62526b3477f6c8509b2	9
Name: sempalong.exe MD5: 7f51a975f282d62526b3477f6c8509b2 Size: 130.56 KB (130560 bytes) Detections: 9 Type: Executable File Path: C:\WINDOWS\ShellNew Group: Malware file Last Updated: April 13, 2017
21.	file.exe	6c08bd41f70d51662df04eb4ecd2f9ee	0
Name: file.exe MD5: 6c08bd41f70d51662df04eb4ecd2f9ee Size: 61.44 KB (61440 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: December 29, 2016
22.	file.exe	11e1ca436a0389f9518ffa9ffe459912	0
Name: file.exe MD5: 11e1ca436a0389f9518ffa9ffe459912 Size: 220.64 KB (220642 bytes) Detections: 0 Type: Executable File Group: Malware file
23.	file.exe	4bd356e923aa748e4c01832452f7ec5c	0
Name: file.exe MD5: 4bd356e923aa748e4c01832452f7ec5c Size: 42.62 KB (42627 bytes) Detections: 0 Type: Executable File Group: Malware file
24.	file.exe	f930413f494fe63ad01487916c617563	0
Name: file.exe MD5: f930413f494fe63ad01487916c617563 Size: 154.78 KB (154783 bytes) Detections: 0 Type: Executable File Group: Malware file
25.	file.exe	e042a3dc5132a3e9dd2be0cbbd9d7345	0
Name: file.exe MD5: e042a3dc5132a3e9dd2be0cbbd9d7345 Size: 81.92 KB (81920 bytes) Detections: 0 Type: Executable File Group: Malware file
26.	file.exe	5aaec9b80e0e8015ea8cede7fc589e6f	0
Name: file.exe MD5: 5aaec9b80e0e8015ea8cede7fc589e6f Size: 130.56 KB (130560 bytes) Detections: 0 Type: Executable File Group: Malware file
27.	file.exe	f144bdfdc94b83440841e91d8a589368	0
Name: file.exe MD5: f144bdfdc94b83440841e91d8a589368 Size: 42.02 KB (42028 bytes) Detections: 0 Type: Executable File Group: Malware file
28.	file.exe	b9a894d0f76966512e5472a37777eb8c	0
Name: file.exe MD5: b9a894d0f76966512e5472a37777eb8c Size: 272.12 KB (272128 bytes) Detections: 0 Type: Executable File Group: Malware file
29.	j6235022.exe	3fc2a99453a99947672585715c815032	0
Name: j6235022.exe MD5: 3fc2a99453a99947672585715c815032 Size: 64 KB (64000 bytes) Detections: 0 Type: Executable File Path: %WINDIR%\j6235022.exe Group: Malware file Last Updated: June 26, 2020

More files

Registry Details

Worm.Brontok may create the following registry entry or registry entries:

File name without path

about.Brontok.A.html

brengkolang.com

BronFoldNetDomList.txt

BronNetDomList.bat

BronNPath0.txt

bronstab.exe

Cara Membasmi Brontok.exe

eksplorasi.pif

Kosong.Bron.Tok.txt

Sejarah Pembuat Virus Brontok.exe

WowTumpeh.com

yesbron.com

Regexp file mask

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif

%APPDATA%\Microsoft\Windows\Templates\A.kotnorB.com

%LOCALAPPDATA%\[RANDOM CHARACTERS]bron.tok[RANDOM CHARACTERS].bin

%LOCALAPPDATA%\inetinfo.exe

%LOCALAPPDATA%\JunkAtx.bin

%LOCALAPPDATA%\ListHost[NUMBERS].txt

%LOCALAPPDATA%\lsass.exe

%LOCALAPPDATA%\services.exe

%LOCALAPPDATA%\winlogon.exe

%USERPROFILE%\Local Settings\Application Data\[RANDOM CHARACTERS]bron.tok[RANDOM CHARACTERS].bin

%USERPROFILE%\Local Settings\Application Data\inetinfo.exe

%USERPROFILE%\Local Settings\Application Data\JunkAtx.bin

%UserProfile%\Local Settings\Application Data\ListHost[NUMBERS].txt

%USERPROFILE%\Local Settings\Application Data\lsass.exe

%USERPROFILE%\Local Settings\Application Data\services.exe

%UserProfile%\Local Settings\Application Data\winlogon.exe

%WINDIR%\eksplorasi.exe

%WINDIR%\inf\norBtok.exe

%WINDIR%\KesenjanganSosial.exe

%WINDIR%\ShellNew\bbm-[RANDOM CHARACTERS].exe

%WINDIR%\ShellNew\bronstab.exe

%WINDIR%\ShellNew\RakyatKelaparan.exe

%WINDIR%\ShellNew\sempalong.exe

%WINDIR%\System32\IExplorer.exe

%WINDIR%\System32\shell.exe

%WINDIR%\SysWOW64\IExplorer.exe

%WINDIR%\SysWOW64\shell.exe

HKEY..\..\..\..{RegistryKeys}

Software\Microsoft\Windows\CurrentVersion\Run\Bron-Spizaetus

Software\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus

Run keys

Tok-Cirrhatus

Tok-Cirrhatus-1761

Tok-Cirrhatus-1860

Directories

Worm.Brontok may create the following directory or directories:

%LOCALAPPDATA%\Loc.Mail.Bron.Tok

%LOCALAPPDATA%\Ok-SendMail-Bron-tok

%USERPROFILE%\Local Settings\Application Data\Loc.Mail.Bron.Tok

%USERPROFILE%\Local Settings\Application Data\Ok-SendMail-Bron-tok

%WINDIR%\SysWOW64\n4431

EnigmaSoft's SpyHunter Scores 100% with AV-TEST in 2024

Search

Change Region

Worm.Brontok

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Worm.Brontok

File System Details

Registry Details

Directories

Submit Comment

Related Posts

Worm.Brontok.L@mm

Worm.Brontok.DC

Worm.Brontok.B@mm

Worm.Brontok.N@mm

Worm.Brontok.BJ

Worm.Brontok.AK@mm

Trending

Uazq Ransomware

Uajs Ransomware

PDFSpark

Most Viewed

Discord Shows Black Screen when Sharing Screen

How To Fix 'Printer Driver is Unavailable' Error

What is Msedge.exe?