Troj/Agent-AAFG

Category: Viruses and Spyware
Protection available since: 18 Feb 2013 16:00:14 (GMT)
Type: Trojan
Last Updated: 18 Feb 2013 16:00:14 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-AAFG exhibits the following characteristics:

File Information

Size
3.5M
SHA-1
718ec99f5c96542eb6297a16351bc591f50d9bda
MD5
4c287597258bd6f301bbfce95664f355
CRC-32
96aab20d
File type
Windows executable
First seen
2013-02-18

Other vendor detection

Kaspersky
not-a-virus:PSWTool.Win32.PasswordRecovery.af

Runtime Analysis

Dropped Files
  • C:\users\public\Public Document\iewes.bat
    Size
    1006
    SHA-1
    6196a903b90a1c03da1d26778f678d5826b6eae1
    MD5
    0665df1cd369f3f4fc8d8dbf9f0375f3
    CRC-32
    8923057f
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-18
  • C:\users\public\Public Document\icts.bat
    Size
    50
    SHA-1
    ffb8579466f7117cf0f506b1085b526afa27a269
    MD5
    21d5f70e10bdfecefc75905846180f95
    CRC-32
    ee44274d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\conf.reg
    Size
    771
    SHA-1
    6c02eb28e0f8bba9a39df17c9ac6ae93b5c1c0c8
    MD5
    23f7f72401cdaa705605a3f539e3ffd7
    CRC-32
    b27594bf
    File type
    Windows regedit file (.reg)
    First seen
    2013-01-23
  • C:\users\public\Public Document\ics.bat
    Size
    1.1K
    SHA-1
    6ec8047e6e8ebd73123366482d4c7c4c8d3c69da
    MD5
    ced4d0230463d42a603765b3187e4a52
    CRC-32
    e5aae234
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-08
  • C:\Documents and Settings\All Users\Msn\Msn2\bms.klm
    Size
    78
    SHA-1
    ccdd7ab7c8324418a428bdb24e25fdf73df8bf13
    MD5
    9e304a9e25228047b3c894dbd34aa6e3
    CRC-32
    1c203ec3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-18
  • C:\users\public\Public Document\conf.reg
    Size
    771
    SHA-1
    6c02eb28e0f8bba9a39df17c9ac6ae93b5c1c0c8
    MD5
    23f7f72401cdaa705605a3f539e3ffd7
    CRC-32
    b27594bf
    File type
    Windows regedit file (.reg)
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\dk.vbs
    Size
    134
    SHA-1
    f6f3b98069b41fb5c3a565298ba9e327bed5c074
    MD5
    b3dd60d0253bb7a383e70d2ec8bd5d94
    CRC-32
    8bbd28d1
    File type
    Visual Basic Script
    First seen
    2013-01-23
  • C:\users\public\Public Document\aatu.bat
    Size
    205
    SHA-1
    3f2a6de311e829f76521660a7b7a00d21d82753a
    MD5
    abc077f89cd831f02f0a3ace51b3b250
    CRC-32
    fc08d45d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\iewes.bat
    Size
    1006
    SHA-1
    6196a903b90a1c03da1d26778f678d5826b6eae1
    MD5
    0665df1cd369f3f4fc8d8dbf9f0375f3
    CRC-32
    8923057f
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-18
  • C:\Documents and Settings\All Users\Msn\Msn2\ies.bat
    Size
    42
    SHA-1
    d1c005f425b5318aa70800250945b252dfbf264f
    MD5
    73d6aeba7c8bbb715c300f2710cfc5e8
    CRC-32
    fa11b090
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF3214.tmp
    Size
    16K
    SHA-1
    da01dc8b965402ecc416e976674681fcd8e20db6
    MD5
    0e8cf50e9bab2ef9865a00a876f4c0bf
    CRC-32
    76844679
    File type
    Microsoft OLE2 file format
    First seen
    2012-09-27
  • C:\Documents and Settings\All Users\Msn\Msn2\aatu.bat
    Size
    205
    SHA-1
    3f2a6de311e829f76521660a7b7a00d21d82753a
    MD5
    abc077f89cd831f02f0a3ace51b3b250
    CRC-32
    fc08d45d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\users\public\Public Document\PIC_20130218_ _1300290 .001
    Size
    621
    SHA-1
    71549d5f4d5f87a466bbf64ca7e28a42ef19f17c
    MD5
    d317158b6d3a3bbc80f7936f92e403bf
    CRC-32
    9d83ba2d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-09-27
  • C:\Documents and Settings\All Users\Msn\Msn2\sas.vbs
    Size
    133
    SHA-1
    2b8e43230c17fb2f11eb57fdc924ab681ec9ae5f
    MD5
    fdffc0696a2e2554a418f57f1011e634
    CRC-32
    715cc516
    File type
    Visual Basic Script
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\ics.bat
    Size
    1.1K
    SHA-1
    6ec8047e6e8ebd73123366482d4c7c4c8d3c69da
    MD5
    ced4d0230463d42a603765b3187e4a52
    CRC-32
    e5aae234
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-08
  • C:\users\public\Public Document\bms.klm
    Size
    78
    SHA-1
    ccdd7ab7c8324418a428bdb24e25fdf73df8bf13
    MD5
    9e304a9e25228047b3c894dbd34aa6e3
    CRC-32
    1c203ec3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-02-18
  • C:\users\public\Public Document\ies.bat
    Size
    42
    SHA-1
    d1c005f425b5318aa70800250945b252dfbf264f
    MD5
    73d6aeba7c8bbb715c300f2710cfc5e8
    CRC-32
    fa11b090
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\icts.bat
    Size
    50
    SHA-1
    ffb8579466f7117cf0f506b1085b526afa27a269
    MD5
    21d5f70e10bdfecefc75905846180f95
    CRC-32
    ee44274d
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\users\public\Public Document\dk.vbs
    Size
    134
    SHA-1
    f6f3b98069b41fb5c3a565298ba9e327bed5c074
    MD5
    b3dd60d0253bb7a383e70d2ec8bd5d94
    CRC-32
    8bbd28d1
    File type
    Visual Basic Script
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\image.exe
    Size
    3.1M
    SHA-1
    8e8af6f4ca472e4269710936f44b20da6edd0d90
    MD5
    29c75805d0ffed3316c721868dd4fda0
    CRC-32
    f5136fea
    File type
    Windows executable
    First seen
    2012-11-08
  • C:\Documents and Settings\All Users\Msn\Msn2\pic.pdf
    Size
    2.4K
    SHA-1
    e5e66dcc5b3d58ded77a9a4c41ee62a5b0323459
    MD5
    b8f696c3865d864980d91c6e1cef12ac
    CRC-32
    4e7819a3
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2013-02-18
  • C:\Documents and Settings\All Users\Msn\Msn2\keeprun.ini
    Size
    423
    SHA-1
    a04414bbea38c08d9cd97117937b87347fb46ee1
    MD5
    07e831c11e34d068f3318894e197c210
    CRC-32
    84c9022e
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\Documents and Settings\All Users\Msn\Msn2\picture viewer.exe
    Size
    2.9M
    SHA-1
    d0000371dd89252605dc9cdce89cb23b7020674d
    MD5
    57c2ded922d5760c92bb16b012a3e3da
    CRC-32
    403b255e
    File type
    Windows executable
    First seen
    2012-05-04
  • C:\users\public\Public Document\pic.pdf
    Size
    2.4K
    SHA-1
    e5e66dcc5b3d58ded77a9a4c41ee62a5b0323459
    MD5
    b8f696c3865d864980d91c6e1cef12ac
    CRC-32
    4e7819a3
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2013-02-18
  • C:\users\public\Public Document\image.exe
    Size
    3.1M
    SHA-1
    8e8af6f4ca472e4269710936f44b20da6edd0d90
    MD5
    29c75805d0ffed3316c721868dd4fda0
    CRC-32
    f5136fea
    File type
    Windows executable
    First seen
    2012-11-08
  • C:\users\public\Public Document\keeprun.ini
    Size
    423
    SHA-1
    a04414bbea38c08d9cd97117937b87347fb46ee1
    MD5
    07e831c11e34d068f3318894e197c210
    CRC-32
    84c9022e
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-01-23
  • C:\users\public\Public Document\picture viewer.exe
    Size
    2.9M
    SHA-1
    d0000371dd89252605dc9cdce89cb23b7020674d
    MD5
    57c2ded922d5760c92bb16b012a3e3da
    CRC-32
    403b255e
    File type
    Windows executable
    First seen
    2012-05-04
  • C:\users\public\Public Document\msnw.exe
    Size
    40K
    SHA-1
    3197711ff528b237c8735915efb4b4781f71e71e
    MD5
    6f506d7adfcc2288631ed2da37b0db04
    CRC-32
    4ba52f8b
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\users\public\Public Document\sas.vbs
    Size
    133
    SHA-1
    2b8e43230c17fb2f11eb57fdc924ab681ec9ae5f
    MD5
    fdffc0696a2e2554a418f57f1011e634
    CRC-32
    715cc516
    File type
    Visual Basic Script
    First seen
    2013-01-23
  • C:\users\public\Public Document\PIC_20130218_ _1300290 .002
    Size
    552
    SHA-1
    4049e18b63ef9366dfdca2b6d21a95b17e10c850
    MD5
    018c76f717ce38df663f621515222ddf
    CRC-32
    db3f06c4
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2011-04-22
  • C:\Documents and Settings\All Users\Msn\Msn2\msnw.exe
    Size
    40K
    SHA-1
    3197711ff528b237c8735915efb4b4781f71e71e
    MD5
    6f506d7adfcc2288631ed2da37b0db04
    CRC-32
    4ba52f8b
    File type
    Windows executable
    First seen
    2012-07-12
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    stat
    c:\Docume~1\AllUse~1\Msn\Msn2\aatu.bat
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    stat2
    c:\Docume~1\AllUse~1\Msn\Msn2\aatu.bat
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\users\public\public document\image.exe
  • c:\users\public\public document\msnw.exe
  • c:\users\public\public document\picture viewer.exe
  • c:\windows\regedit.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ftp.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\wscript.exe
  • c:\windows\system32\xcopy.exe
DNS Requests
  • ftp.freehostia.com
