Troj/Agent-AAYY

Category: Viruses and Spyware Protection available since:31 Mar 2013 20:07:37 (GMT)
Type: Trojan Last Updated:31 Mar 2013 20:07:37 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-AAYY include:

Example 1

File Information

Size
256K
SHA-1
562057f21c485a376437c2b8ae5b06f57fde3765
MD5
cd3407558b0053cb610153a327b33fcb
CRC-32
d8f42df6
File type
application/zip
First seen
2013-03-31

Example 2

File Information

Size
291K
SHA-1
836294ac68d7789883f6808abd58c4d18cc9f1f2
MD5
ea46923669974f6148bbb6b68d56f48c
CRC-32
1d882043
File type
application/x-ms-dos-executable
First seen
2013-03-31

Runtime Analysis

Dropped Files
  • C:\bin\CONLEYS_Modekontor_GmbH.pdf
    Size
    23
    SHA-1
    ea30f74b39e2d285a563d2704533f3d20d068c1c
    MD5
    89b7913f2d6b69ee8857f4cd186b022e
    CRC-32
    03d89c29
    File type
    application/octet-stream
    First seen
    2013-03-31
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□□□□□□□.□□□□□□□□□□□□□□□□□□□□□□□□□□□□
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe
    Debugger
    monm.exe
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\5C9ED9D1
    1819
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    <□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□□□□□□□□□□□□□□.□□□□□□□□□□□□□□□□□□□□□□□□□□□□
Registry Keys Modified
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 d0 fe 6d d7 29 2e ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 d0 fe 6d d7 29 2e ce 01 01 00 00 00 ac 10 00 01 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Processes Created
  • c:\bin\adobe.exe
HTTP Requests
  • http://www.google.com/
DNS Requests
  • biati.net
  • dyntic.com
  • iceximlepgt.myftp.org
  • kefomeisab.mrbasic.com
  • rilvudxrvop.my03.com
  • www.google.com
  • zonebar.net

download Try Sophos products for free
Download now