Troj/Agent-AAHW

Category: Viruses and Spyware
Protection available since: 25 Feb 2013 16:15:11 (GMT)
Type: Trojan
Last Updated: 25 Feb 2013 16:15:11 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-AAHW exhibits the following characteristics:

File Information

Size
67K
SHA-1
4ff67edc8f37e42c752e0a65b33e8c18a8f5f5e1
MD5
3a52f18d21e2da07b48eec32b196c0e0
CRC-32
ce3b2482
File type
Windows executable
First seen
2013-02-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\support.ico
    Size
    5.4K
    SHA-1
    3591902ad791749bc41b6b9b88b1404133a40a24
    MD5
    b7ffd811a9e7ba588fdd6afa04cc1f45
    CRC-32
    5d8cc29a
    File type
    Unspecified binary - probably data
    First seen
    2012-10-10
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\vl.bin
    Size
    1.2M
    SHA-1
    b2c7b6fa7061535ae7190e851cce99511c8090f1
    MD5
    eb87c7b09d54ca9e3b3505851f04e1c2
    CRC-32
    bf307d51
    File type
    application/octet-stream
    First seen
    2013-02-25
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\app.ico
    Size
    5.4K
    SHA-1
    540c4ebf6f046d24ffa08dfa702ac10737b87729
    MD5
    b8e72a9efb6c21e5fbc3325613840d53
    CRC-32
    d8bc596c
    File type
    Unspecified binary - probably data
    First seen
    2012-10-10
  • C:\Documents and Settings\All Users\Start Menu\Programs\Security□Defender\Remove Security□Defender.lnk
    Size
    2.0K
    SHA-1
    11f64370e303d79b13e29c7e22113d62d0f50893
    MD5
    d6d25de682a7f9d55263c6f8a522f31c
    CRC-32
    b02134a9
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-02-25
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\uninst.ico
    Size
    5.4K
    SHA-1
    0f26f26d2164702f8c01fa166f81ed016a1ebaad
    MD5
    b91f284af1cc7ba0c8e4c039b3d6fbdc
    CRC-32
    b6238442
    File type
    Unspecified binary - probably data
    First seen
    2012-10-10
  • C:\Documents and Settings\All Users\Start Menu\Programs\Security□Defender\Security□Defender Help and Support.lnk
    Size
    2.0K
    SHA-1
    cfa37645b19f0efeca4dbab14bc8392c0b0c77d8
    MD5
    2624915b47aa0046924d24fbc4b979e1
    CRC-32
    edc7489a
    File type
    application/octet-stream
    First seen
    2013-02-25
  • C:\Documents and Settings\All Users\Desktop\Security□Defender.lnk
    Size
    1.9K
    SHA-1
    0944d9b62ceaea61af40eef079a23c7f960043be
    MD5
    c8ca09cb949a640eefef9d361c66670e
    CRC-32
    cb161447
    File type
    application/octet-stream
    First seen
    2013-02-25
  • C:\Documents and Settings\All Users\Start Menu\Programs\Security□Defender\Security□Defender.lnk
    Size
    1.9K
    SHA-1
    12e1d58a6d71bf03d61c3a11e9a3f874ccb4165e
    MD5
    46e8113564176404a5108c7ca03db443
    CRC-32
    acb8b016
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-02-25
  • C:\Documents and Settings\All Users\Application Data\pcdfdata\defs.bin
    Size
    659K
    SHA-1
    a9f22ca9b079abcb86ad814abe9c6451723c2e63
    MD5
    eeae32e7cb611b5a64292b2fdb4cd3e3
    CRC-32
    48cad0c7
    File type
    application/octet-stream
    First seen
    2013-02-25
Registry Keys Created
  • HKCU_Classes\.exe\shell\runas\command
    IsolatedCommand
    "%1" %*
  • HKCU\Software\Classes\.exe\DefaultIcon
    (Default)
    %1
  • HKCU_Classes\.exe
    Content Type
    ap□□l□□c□□t□□o□□/□□-□□
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pcdfdata
    DisplayIcon
    C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe,0
  • HKCU_Classes\.exe\shell\open\command
    IsolatedCommand
    "%1" %*
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    pcdfsvc
    C:\Documents and Settings\All Users\Application Data\pcdfdata\test_item.exe /min
  • HKCU_Classes\.exe\DefaultIcon
    (Default)
    %1
  • HKCU\Software\Classes\.exe
    Content Type
    ap□□l□□c□□t□□o□□/□□-□□
  • HKCU\Software\Classes\.exe\shell\runas\command
    IsolatedCommand
    "%1" %*
  • HKCU\Software\Classes\.exe\shell\open\command
    IsolatedCommand
    "%1" %*
HTTP Requests
  • http://namare.biz/content/scc
  • http://olegon.biz/api/ping
  • http://olegon.biz/api/test
  • http://olegon.biz/html/viruslist/
  • http://olegon.biz/load/
DNS Requests
  • namare.biz
  • olegon.biz
