Troj/Agent-AAVL

Category: Viruses and Spyware
Protection available since: 28 Mar 2013 14:08:27 (GMT)
Type: Trojan
Last Updated: 29 Mar 2013 03:11:15 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-AAVL include:

Example 1

File Information

Size: 92K
SHA-1: 392b0dc18a3f1f0f2bb63ca02aef697134c9733f
MD5: 2403357acc9e82fadd306deb514d5a99
CRC-32: 70e7c30c
File type: Windows executable
First seen: 2013-03-28

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Adobe\CSXS.2.5
    tLastP_Reader
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    winhlp32.exe
    0x00001f40
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    cababaafcad
    c:\Documents and Settings\test user\Application Data\26c19984-2a01-45b5-a7b3-a568af60c200ad\cababaafcad.exe
Processes Created
  • c:\windows\twunk_32.exe
HTTP Requests
  • http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • http://www.microsoft.com/
DNS Requests
  • fpdownload.macromedia.com
  • fsepzqgvjosv.net
  • www.microsoft.com

Example 2

File Information

Size: 136K
SHA-1: 288d10a80dfc5fc896f66724ab35bd0b6641d1dd
MD5: 882309babb32567f352df432137c326c
CRC-32: ea702421
File type: Windows executable
First seen: 2013-03-28

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Adobe\CSXS.2.5
    tLastP_Reader
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    winhlp32.exe
    0x00001f40
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    cababaafcad
    c:\Documents and Settings\test user\Application Data\26c19984-2a01-45b5-a7b3-a568af60c200ad\cababaafcad.exe
Processes Created
  • c:\windows\twunk_32.exe
HTTP Requests
  • http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • http://www.microsoft.com/
DNS Requests
  • fpdownload.macromedia.com
  • fsepzqgvjosv.net
  • www.microsoft.com

Example 3

File Information

Size: 136K
SHA-1: 513cd6f1e78969935440d7c20d737b7d44426afa
MD5: 76748b3dd6b245a56cbc5f57b57eabda
CRC-32: bc99d537
File type: Windows executable
First seen: 2013-03-28

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Adobe\CSXS.2.5
    tLastP_Reader
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    winhlp32.exe
    0x00001f40
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    cababaafcad
    c:\Documents and Settings\test user\Application Data\26c19984-2a01-45b5-a7b3-a568af60c200ad\cababaafcad.exe
Processes Created
  • c:\windows\twunk_32.exe
HTTP Requests
  • http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
  • http://www.microsoft.com/
DNS Requests
  • fpdownload.macromedia.com
  • fsepzqgvjosv.net
  • www.microsoft.com
