Troj/Agent-ABFD

Category: Viruses and Spyware
Protection available since: 11 Apr 2013 16:19:27 (GMT)
Type: Trojan
Last Updated: 11 Apr 2013 16:19:27 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-ABFD exhibits the following characteristics:

File Information

Size
3.4M
SHA-1
948f7320718bd53dcd0f832f3e2b86c7f5592b00
MD5
07e5d899c6f0dbc662464904ae31675c
CRC-32
07b1f649
File type
application/x-ms-dos-executable
First seen
2013-04-10

Runtime Analysis

Dropped Files
  • C:\Documents and Settings\All Users\Msn\Msn2\image.exe
    Size
    3.1M
    File type
    Windows executable
    First seen
    2012-11-08
  • C:\users\public\Public Document\sas.vbs
    Size
    133
    File type
    Visual Basic Script
    First seen
    2013-04-09
  • C:\users\public\Public Document\wmsn.klm
    Size
    552
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2011-04-22
  • C:\Documents and Settings\All Users\Msn\Msn2\icta.bat
    Size
    50
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\msna.exe
    Size
    40K
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\Documents and Settings\All Users\Msn\Msn2\cona.reg
    Size
    771
    File type
    Windows regedit file (.reg)
    First seen
    2013-04-09
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF4F41.tmp
    Size
    16K
    File type
    Microsoft OLE2 file format
    First seen
    2012-09-27
  • C:\Documents and Settings\All Users\Msn\Msn2\sas.vbs
    Size
    133
    File type
    Visual Basic Script
    First seen
    2013-04-09
  • C:\users\public\Public Document\aata.bat
    Size
    209
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\iewea.bat
    Size
    1013
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\Documents and Settings\All Users\Msn\Msn2\pia.pdf
    Size
    973
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2013-04-09
  • C:\Documents and Settings\All Users\Msn\Msn2\bms.klm
    Size
    79
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-11
  • C:\users\public\Public Document\iea.bat
    Size
    42
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\da.vbs
    Size
    134
    File type
    Visual Basic Script
    First seen
    2013-04-09
  • C:\Documents and Settings\All Users\Msn\Msn2\iewea.bat
    Size
    1013
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\cona.reg
    Size
    771
    File type
    Windows regedit file (.reg)
    First seen
    2013-04-09
  • C:\users\public\Public Document\pia.pdf
    Size
    973
    File type
    Adobe Portable Document Format (PDF)
    First seen
    2013-04-09
  • C:\users\public\Public Document\icta.bat
    Size
    50
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\image.exe
    Size
    3.1M
    File type
    Windows executable
    First seen
    2012-11-08
  • C:\Documents and Settings\All Users\Msn\Msn2\picture viewer.exe
    Size
    2.9M
    File type
    Windows executable
    First seen
    2012-05-04
  • C:\Documents and Settings\All Users\Msn\Msn2\keeprun.ini
    Size
    423
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\Documents and Settings\All Users\Msn\Msn2\iea.bat
    Size
    42
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\Documents and Settings\All Users\Msn\Msn2\aata.bat
    Size
    209
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\msn.klm
    Size
    621
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-09-27
  • C:\Documents and Settings\All Users\Msn\Msn2\msna.exe
    Size
    40K
    File type
    Windows executable
    First seen
    2012-07-12
  • C:\users\public\Public Document\picture viewer.exe
    Size
    2.9M
    File type
    Windows executable
    First seen
    2012-05-04
  • C:\Documents and Settings\All Users\Msn\Msn2\ica.bat
    Size
    1.1K
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\keeprun.ini
    Size
    423
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
  • C:\users\public\Public Document\bms.klm
    Size
    79
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-11
  • C:\Documents and Settings\All Users\Msn\Msn2\da.vbs
    Size
    134
    File type
    Visual Basic Script
    First seen
    2013-04-09
  • C:\users\public\Public Document\ica.bat
    Size
    1.1K
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-04-09
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    stat
    c:\Docume~1\AllUse~1\Msn\Msn2\aata.bat
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    stat2
    c:\Docume~1\AllUse~1\Msn\Msn2\aata.bat
Processes Created
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
  • c:\users\public\public document\image.exe
  • c:\users\public\public document\msna.exe
  • c:\users\public\public document\picture viewer.exe
  • c:\windows\regedit.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ftp.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\wscript.exe
  • c:\windows\system32\xcopy.exe
DNS Requests
  • ftp.freehostia.com