Troj/Agent-AAOO

Category:	Viruses and Spyware	Protection available since:	10 Mar 2013 02:14:02 (GMT)
Type:	Trojan	Last Updated:	10 Mar 2013 02:14:02 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-AAOO include:

Example 1

File Information

Size: 855K
SHA-1: 1593123fbc678fbdb4c348a2d8921dd577dbcb3b
MD5: bbc826b94d4384bd43ebdc2dfe1f783e
CRC-32: 9dd9f7ab
File type: Windows executable
First seen: 2013-03-09

Example 2

File Information

Size: 701K
SHA-1: 5e469b1face1c296d49943cf54161ce285477cf5
MD5: ddf8b7945d828a93174e2aa1bdaf217a
CRC-32: 7a815135
File type: Windows executable
First seen: 2013-03-08

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Application Data\Temp\q5nva9z.exe
Size
855K
SHA-1
1593123fbc678fbdb4c348a2d8921dd577dbcb3b
MD5
bbc826b94d4384bd43ebdc2dfe1f783e
CRC-32
9dd9f7ab
File type
Windows executable
First seen
2013-03-09
c:\Documents and Settings\test user\Local Settings\Application Data\Temp\sample.pdf
Size
20
SHA-1
7d9a577acfaa533a9c479f88d466929180576447
MD5
da3427767b8164b069b7f1cead5afd02
CRC-32
1e8b48db
File type
ASCII text / 8-bit Unicode Transformation Format
First seen
2012-10-28
c:\Documents and Settings\test user\Local Settings\Application Data\{BS40FU1U-9OD4-VGUG-6E2X-Q1SDSU0RZUJU}\t3quqhj4ut.exe
Size
2.3M
SHA-1
b744b62517d86dfca3e8329c17d89391f9e5572d
MD5
39f06ee0cf5b1fc6dc0df7cec512cb39
CRC-32
7cbc7bc4
File type
Windows executable
First seen
2013-03-09
C:\bin\sample.pdf
Size
20
SHA-1
7d9a577acfaa533a9c479f88d466929180576447
MD5
da3427767b8164b069b7f1cead5afd02
CRC-32
1e8b48db
File type
ASCII text / 8-bit Unicode Transformation Format
First seen
2012-10-28

Registry Keys Created

HKCU\Software\Microsoft\Windows\Windows SpInforme
CmSpx
0.1
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MSN Skype
C:\DOCUME~1\support\LOCALS~1\APPLIC~1\{BS40F~1\t3quqhj4ut.exe

Processes Created

c:\docume~1\support\locals~1\applic~1\temp\q5nva9z.exe
c:\docume~1\support\locals~1\applic~1\{bs40f~1\t3quqhj4ut.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://23.22.217.68/past/Action.bmp
http://23.22.217.68/past/Tplock.bmp

IP Connections

23.22.217.68:80
54.235.77.179:80

Example 3

File Information

Size: 2.3M
SHA-1: b744b62517d86dfca3e8329c17d89391f9e5572d
MD5: 39f06ee0cf5b1fc6dc0df7cec512cb39
CRC-32: 7cbc7bc4
File type: Windows executable
First seen: 2013-03-09

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Agent-AAOO

Example 1

File Information

Example 2

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

IP Connections

Example 3

File Information

Free Mac Anti-Virus

Popular topics