Mal/Agent-DK

Category: Viruses and Spyware
Protection available since: 03 Sep 2010 00:32:48 (GMT)
Type: Malicious behavior
Last Updated: 03 Sep 2010 00:32:48 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Agent-DK include:

Example 1

File Information

Size: 364K
SHA-1: 2b715a6508e2becbe88293d59eca21d22c3d5f09
MD5: 39a81722c61e00cd5e67e28431fb6d80
CRC-32: bb81b5e2
File type: application/x-ms-dos-executable
First seen: 2010-08-25

Runtime Analysis

Copies Itself To
  • C:\Program Files\Windows Alerter\WinAlert.exe
  • C:\Program Files\Windows Common Files\Commgr.exe
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  • F:/RECYCLER .exe
  • F:/RECYCLER/PnPlYvB.exe
Dropped Files
  • F:/RECYCLER/BNFO
  • F:/RECYCLER/dEsKtOp.InI
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\wndsvc.dll
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\info
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
  • F:/Autorun.inf
    Size: 502
    SHA-1: 05e6a2c454ddc44187a22ca758dc4d2f03caa484
    MD5: 946716cbb89c27b3babda2fa182100be
    CRC-32: 542992fc
    File type: application/octet-stream
    First seen: 2010-09-03
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    SuperHidden
    0x00000000
Processes Created
  • c:\program files\windows alerter\winalert.exe
  • c:\program files\windows common files\commgr.exe
  • c:\recycler\x-1-5-21-1960408961-725345543-839522115-1003\winsysapp.exe

Example 2

File Information

Size: 376K
SHA-1: 4eb81c24d83de817e7ba0aaec98a5f294d899762
MD5: 99fbd8a9b941a4bfc396e792d5e1520b
CRC-32: 0066fe53
File type: application/x-ms-dos-executable
First seen: 2010-09-06

Runtime Analysis

Copies Itself To
  • C:\Program Files\Windows Alerter\WinAlert.exe
  • C:\Program Files\Windows Common Files\Commgr.exe
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  • F:/RECYCLER .exe
  • F:/RECYCLER/LdIsLoX.exe
Dropped Files
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\wndsvc.dll
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\info
  • F:/RECYCLER/BNFO
  • F:/Autorun.inf
    Size: 502
    SHA-1: c0651f75979adcde302760053c7bd58cb168ee60
    MD5: 93691368d8b760c247a424f5da66b7dc
    CRC-32: a11096c8
    File type: application/octet-stream
    First seen: 2010-09-06
  • F:/RECYCLER/dEsKtOp.InI
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    SuperHidden
    0x00000000
Processes Created
  • c:\program files\windows alerter\winalert.exe
  • c:\program files\windows common files\commgr.exe
  • c:\recycler\x-1-5-21-1960408961-725345543-839522115-1003\winsysapp.exe

Example 3

File Information

Size: 301K
SHA-1: 8d9cea5c371e69bf0bb75fd29ce42fbb1a512662
MD5: 4acfef0aa8896f016b7fda1e8670662a
CRC-32: 50b2fe31
File type: application/x-ms-dos-executable
First seen: 2010-09-05

Runtime Analysis

Copies Itself To
  • C:\Program Files\Windows Alerter\WinAlert.exe
  • C:\Program Files\Windows Common Files\Commgr.exe
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\WinSysApp.exe
  • F:/RECYCLER .exe
  • F:/RECYCLER/XrUmCzH.exe
Dropped Files
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\wndsvc.dll
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\info
  • C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003\bnf0342
  • F:/RECYCLER/BNFO
  • F:/RECYCLER/dEsKtOp.InI
  • F:/Autorun.inf
    Size: 502
    SHA-1: 2b5e2a1c86d930119df74bf80f9dbaae48060ce3
    MD5: 691673d598d74dca6784422c6146792d
    CRC-32: cca29375
    File type: application/octet-stream
    First seen: 2010-09-05
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows Common Files Manager
    C:\Program Files\Windows Common Files\Commgr.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    SuperHidden
    0x00000000
Processes Created
  • c:\program files\windows alerter\winalert.exe
  • c:\program files\windows common files\commgr.exe
  • c:\recycler\x-1-5-21-1960408961-725345543-839522115-1003\winsysapp.exe
