Troj/Agent-ABCX

Category: Viruses and Spyware
Protection available since: 08 Apr 2013 17:36:23 (GMT)
Type: Trojan
Last Updated: 08 Apr 2013 17:36:23 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-ABCX exhibits the following characteristics:

File Information

Size: 134K
SHA-1: f0d4c511a779fe2ee5f3d70536e0eeb1e1b83869
MD5: c19918024bada07711fdb58a188e86fb
CRC-32: 78eb9b77
File type: application/x-ms-dos-executable
First seen: 2013-04-08

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\8vtof.dat
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\fotv8.js
    Size: 3.0K
    SHA-1: c41a1fa6bfdc0c8f1bc244ff911209f18ccaf987
    MD5: f936a142ff3a1b6f65ff12eae2e1fd8f
    CRC-32: 9fcfe221
    File type: JavaScript
    First seen: 2013-04-08
  • C:\Documents and Settings\All Users\Application Data\fotv8.pad
    Size: 91M
    SHA-1: 246847ffee5e0a2ef0be985f5a8ae520ba794b48
    MD5: 7e796b88d3170a8c0b520c85d921fde1
    CRC-32: 74ccdaa5
    File type: Unspecified binary - probably data
    First seen: 2013-04-08
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\msconfig.lnk
    Size: 792
    SHA-1: 5e0b47ad7c5615a28083849fb47fdebcabf96963
    MD5: e270406840784d426105c09f6324b883
    CRC-32: 0319966e
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-04-08
  • C:\Documents and Settings\All Users\Application Data\rundll32.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\8vtof.dat,FG00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\docume~1\alluse~1\applic~1\rundll32.exe
IP Connections
  • 66.197.215.165:80