Troj/Agent-AAOV

Category: Viruses and Spyware
Protection available since: 10 Mar 2013 20:28:28 (GMT)
Type: Trojan
Last Updated: 10 Mar 2013 20:28:28 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-AAOV exhibits the following characteristics:

File Information

Size: 116K
SHA-1: 7e3c0a314b11753d086d5f3a0a4588ad5d87291e
MD5: 0d348e02cf2bb457bfbeb0f67383e17a
CRC-32: c7bc18f0
File type: Windows executable
First seen: 2013-02-18

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Application Data\elpmas.pad
    Size: 91M
    SHA-1: ba8a0a433d4c4df68c7b2216088ed4d4b7e2be2d
    MD5: 2464af123daab29473624b1e613ec0f8
    CRC-32: 08e57ff8
    File type: Unspecified binary - probably data
    First seen: 2013-02-18
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\runctf.lnk
    Size: 740
    SHA-1: 7be07e8b5e212f112c6e1a0e0ff647f6a3f099cd
    MD5: adf66f5d6b21f7f87ccaef2f26b2d86e
    CRC-32: e6beca89
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-02-18
  • C:\Documents and Settings\All Users\Application Data\elpmas.js
    Size: 2.4K
    SHA-1: 793977c2d5ea4834c4741af9aa58369406504ae7
    MD5: 4f4ccbf6cdcd37d863d21553635089dc
    CRC-32: 250f23fb
    File type: JavaScript
    First seen: 2013-01-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500 = 0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500 = 0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609 = 0x00000000
IP Connections
  • 146.185.236.194:443
  • 146.185.236.194:80
  • 66.197.217.85:80