Troj/Agent-ABOX

Category: Viruses and Spyware
Protection available since: 25 May 2013 12:32:21 (GMT)
Type: Trojan
Last Updated: 25 May 2013 12:32:21 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-ABOX exhibits the following characteristics:

File Information

Size
148K
SHA-1
f4dc75ccb574df84dcf7464c0cfa7610884ff9e2
MD5
143216d797839a7d76c815cca6a06932
CRC-32
ca82ff3a
File type
Windows executable
First seen
2013-05-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\qetcol.dat
Dropped Files
  • C:\Documents and Settings\All Users\Application Data\rundll32.exe
  • C:\Documents and Settings\All Users\Application Data\locteq.js
    Size
    3.0K
    SHA-1
    0a8f51ec13689c3304151bd2012f13a900ba80da
    MD5
    babfd41a8a0c3ab6027ef564f0ed1cd9
    CRC-32
    4635eeb8
    File type
    JavaScript
    First seen
    2013-05-25
  • C:\Documents and Settings\All Users\Application Data\locteq.pad
    Size
    91M
    SHA-1
    f8180f394d2490824f498d27b68536d8fe140743
    MD5
    39b55b39c9a01e10e27e3a532baf4a4b
    CRC-32
    6ec63ae5
    File type
    Unspecified binary - probably data
    First seen
    2013-05-25
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\msconfig.lnk
    Size
    794
    SHA-1
    3de3fb2d125e962371d85194f79c31d24a7a3f90
    MD5
    307fc38529be77838d88099adc8e3743
    CRC-32
    d4cfae3c
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-05-25
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\qetcol.dat,FG00
  • HKCU\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
    DSGuid
    {00000000-0000-0000-0000-000000000000}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
    MidiOutId
    0xffffffff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
    0
    (REG_BINARY data, not reproduced)
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
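The registry changes above carry the durable indicators: a copy of rundll32.exe in All Users\Application Data launched from a Run value named ctfmon.exe, loading qetcol.dat (a DLL with a non-DLL extension) through export FG00, together with Protected Mode turned off in every IE zone (value 2500 = 3), mixed content allowed without a prompt (1609 = 0), and the Protected Mode warning banner suppressed. The ActiveMovie\devenum and Filter Cache keys, by contrast, are written by DirectShow device enumeration and are poor detection indicators. The script below is an added example, not Sophos code, that turns the listed artefacts into host-triage rules; the snapshot dict is constructed to mirror this page and on a live host would be populated from winreg or an offline hive.

```python
"""Host triage for the Troj/Agent-ABOX indicators listed above.

Added example, not Sophos code. Registry data is passed in as plain dicts so
the rules can be exercised offline; populate them from winreg on a live host.
"""
import hashlib
import ntpath
import re

# SHA-1 values taken from the file listings on this page.
KNOWN_SHA1 = {
    "f4dc75ccb574df84dcf7464c0cfa7610884ff9e2",  # Troj/Agent-ABOX sample
    "0a8f51ec13689c3304151bd2012f13a900ba80da",  # locteq.js
    "f8180f394d2490824f498d27b68536d8fe140743",  # locteq.pad
    "3de3fb2d125e962371d85194f79c31d24a7a3f90",  # msconfig.lnk
}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Zones: 0 Local Machine, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted.
# 2500 = Protected Mode (0 on, 3 off); 1609 = mixed content (0 allow, 1 prompt, 3 block).
HARDENED_ZONES = ("3", "4")


def hash_matches(data: bytes, known=KNOWN_SHA1) -> bool:
    """True when the SHA-1 of a file's bytes is in the indicator set."""
    return hashlib.sha1(data).hexdigest() in known


def check_run_value(name: str, command: str) -> list:
    """Heuristics for one HKCU\\...\\Run value (value name -> command line)."""
    findings = []
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))\s*(.*)', command)
    if not m:
        return findings
    exe = (m.group(1) or m.group(2)).lower()
    args = m.group(3).strip()
    exe_base = ntpath.basename(exe)
    # Value name mimics a Windows binary (ctfmon.exe) but launches something else.
    if name.lower().endswith(".exe") and name.lower() != exe_base:
        findings.append(f"Run\\{name}: value name does not match launched binary {exe}")
    if exe_base == "rundll32.exe":
        if not exe.startswith(SYSTEM_DIRS):
            findings.append(f"Run\\{name}: rundll32.exe executed from non-system path {exe}")
        module, _, export = args.partition(",")   # rundll32 syntax: <module>,<entry> [args]
        module = module.strip().strip('"').lower()
        export = export.split()[0] if export.split() else ""
        if module and not module.endswith(".dll"):
            findings.append(f"Run\\{name}: rundll32 loads non-DLL module {module} export {export!r}")
    return findings


def check_ie_settings(zones: dict, main: dict) -> list:
    """Flag Protected Mode / mixed-content weakening in the zones that ship hardened."""
    findings = []
    for zone, values in zones.items():
        if zone in HARDENED_ZONES and values.get("2500") == 3:
            findings.append(f"Zones\\{zone}: Protected Mode disabled (2500=3)")
        if zone in HARDENED_ZONES and values.get("1609") == 0:
            findings.append(f"Zones\\{zone}: mixed content allowed silently (1609=0)")
    if main.get("NoProtectedModeBanner") == 1:
        findings.append("IE Main: NoProtectedModeBanner=1 hides the Protected Mode warning")
    return findings


def triage(host: dict) -> list:
    """Run every rule over a host snapshot and return the findings in order."""
    findings = []
    for name, cmd in host.get("run", {}).items():
        findings.extend(check_run_value(name, cmd))
    findings.extend(check_ie_settings(host.get("zones", {}), host.get("ie_main", {})))
    for path, data in host.get("files", {}).items():
        if hash_matches(data):
            findings.append(f"{path}: SHA-1 matches a known dropped file")
    return findings


# Constructed snapshot mirroring the registry state recorded on this page.
SAMPLE_HOST = {
    "run": {
        "ctfmon.exe": r"C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\qetcol.dat,FG00",
    },
    "zones": {z: {"2500": 3, "1609": 0} for z in ("0", "1", "2", "3", "4")},
    "ie_main": {"NoProtectedModeBanner": 1},
    "files": {},
}

if __name__ == "__main__":
    for line in triage(SAMPLE_HOST):
        print(line)
```

The rundll32 rules are deliberately independent of the file hashes: a rebuilt dropper changes every hash on this page, but a Run value that starts rundll32.exe from a profile directory, or hands it a .dat module, is still abnormal on any Windows host.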
Processes Created
  • c:\docume~1\alluse~1\applic~1\rundll32.exe
IP Connections
  • 66.197.215.165:443
  • 66.197.217.85:443
  • 66.197.217.85:80
DNS Requests
  • whatwillber.com
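Both 443 and 80 are used, so the TLS connections give proxy or firewall logs no URL to match on; the domain is the indicator that survives, and the IP addresses should be treated as corroboration that can go stale. The sweep below is an added example, not Sophos code: the log line format and the sample lines are constructed for the demonstration, and LINE_RE would be adapted to the real proxy or firewall format.

```python
"""Sweep connection/DNS log lines for the network indicators listed above.

Added example, not Sophos code. The log format and the sample lines are
constructed for the demo; adapt LINE_RE to the real proxy or firewall format.
"""
import re

C2_IPS = {"66.197.215.165", "66.197.217.85"}   # IP Connections on this page
C2_PORTS = {80, 443}                           # ports observed in the sandbox
C2_DOMAINS = {"whatwillber.com"}               # DNS Requests on this page

# Constructed format: "<timestamp> <src> -> <dst_ip>:<port> [dns=<query name>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+dns=(?P<qname>\S+))?\s*$"
)


def domain_matches(qname: str) -> bool:
    """Match the domain itself and any subdomain; ignore case and a trailing dot."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in C2_DOMAINS)


def classify(line: str):
    """Return (confidence, reason) for a hit, or None for a non-matching line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    dst, port = m.group("dst"), int(m.group("port"))
    qname = m.group("qname")
    if qname and domain_matches(qname):
        # Domain hits survive IP churn, so they rank above bare IP hits.
        return ("high", f"DNS lookup of C2 domain {qname} from {m.group('src')}")
    if dst in C2_IPS:
        # A known IP on a port never seen in the sandbox still deserves a look.
        level = "high" if port in C2_PORTS else "medium"
        return (level, f"connection to C2 IP {dst}:{port} from {m.group('src')}")
    return None


def sweep(lines):
    """Return (line, confidence, reason) for every hit, preserving log order."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line, verdict[0], verdict[1]))
    return hits


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    "2013-05-25T12:40:01Z 10.0.0.15 -> 66.197.217.85:443",
    "2013-05-25T12:40:02Z 10.0.0.15 -> 10.0.0.2:53 dns=whatwillber.com",
    "2013-05-25T12:40:03Z 10.0.0.16 -> 10.0.0.2:53 dns=update.whatwillber.com.",
    "2013-05-25T12:40:04Z 10.0.0.16 -> 66.197.215.165:8080",
    "2013-05-25T12:40:05Z 10.0.0.17 -> 93.184.216.34:443",
    "2013-05-25T12:40:06Z 10.0.0.17 -> 10.0.0.2:53 dns=notwhatwillber.com",
]

if __name__ == "__main__":
    for line, level, reason in sweep(SAMPLE_LOG):
        print(f"[{level}] {reason}")
```

The domain test compares labels rather than substrings, so notwhatwillber.com does not match while update.whatwillber.com does; on the page's own data that distinction is what keeps a hostname sweep from producing false positives on look-alike names.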
