Troj/Agent-ABPN

Category: Viruses and Spyware
Protection available since: 05 May 2013 19:07:48 (GMT)
Type: Trojan
Last Updated: 05 May 2013 19:07:48 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-ABPN include:

Example 1

File Information

Size
14K
SHA-1
8b605b78c7172fa96d642a1e0f07aa71c6289cc1
MD5
1bba89cb96b743fbda4372492b857cb0
CRC-32
21aee98c
File type
Windows executable
First seen
2007-07-29

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Certificate Policy Engine
    c:\test_item.exe

Example 2

File Information

Size
414K
SHA-1
9d18a7dc7bd2e1a25666553053f74130b99cbfa1
MD5
031a2c8783262d5eb06da13a3b13e4fb
CRC-32
a6accd9b
File type
Windows executable
First seen
2013-05-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\evntagnt.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\8jkDQNQS4Z.ini
    Size
    95
    SHA-1
    666de960c4e0ade29b7bfe89a589e7656a8b3f39
    MD5
    2d97367ea1b859a61f8f7a7b77873d86
    CRC-32
    e50020a3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-08-17
  • c:\Documents and Settings\test user\Local Settings\Temp\g13jXxtVdq.ini
    Size
    95
    SHA-1
    666de960c4e0ade29b7bfe89a589e7656a8b3f39
    MD5
    2d97367ea1b859a61f8f7a7b77873d86
    CRC-32
    e50020a3
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-08-17
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
    Size
    336
    SHA-1
    8f07ba74bb3fc3975ea58a23f27b83fc62bbdfcb
    MD5
    058492f13036dafd6cbcf9feabf60672
    CRC-32
    1bfde5ed
    File type
    Unspecified binary - probably data
    First seen
    2011-11-09
  • c:\Documents and Settings\test user\Templates\sdiagprv.exe
    Size
    14K
    SHA-1
    8b605b78c7172fa96d642a1e0f07aa71c6289cc1
    MD5
    1bba89cb96b743fbda4372492b857cb0
    CRC-32
    21aee98c
    File type
    Windows executable
    First seen
    2007-07-29
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
    Size
    336
    SHA-1
    8f07ba74bb3fc3975ea58a23f27b83fc62bbdfcb
    MD5
    058492f13036dafd6cbcf9feabf60672
    CRC-32
    1bfde5ed
    File type
    Unspecified binary - probably data
    First seen
    2011-11-09
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Certificate Policy Engine
    c:\Documents and Settings\test user\Templates\sdiagprv.exe
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\evntagnt.exe
  • c:\Documents and Settings\test user\templates\sdiagprv.exe
HTTP Requests
  • http://madelogz.allalla.com/index.php
DNS Requests
  • madelogz.allalla.com

Example 3

File Information

Size
210K
SHA-1
eb82b3406b1d0c87dfdd20f832f89f0518c69856
MD5
44114743a0d305b7695965c1ba36d59f
CRC-32
350a0663
File type
Windows executable
First seen
2013-05-05

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\evntagnt.exe
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\IMG_1337.png
    Size
    64K
    SHA-1
    be41e0baa8c15e654abe9781fe41138dbba80f1e
    MD5
    8fe3d8c9516b9b6b1643968d5049f6d6
    CRC-32
    4c6c15b1
    File type
    PNG (Portable Network Graphics) image format
    First seen
    2013-05-05
  • c:\Documents and Settings\test user\Templates\sdiagprv.exe
    Size
    14K
    SHA-1
    8b605b78c7172fa96d642a1e0f07aa71c6289cc1
    MD5
    1bba89cb96b743fbda4372492b857cb0
    CRC-32
    21aee98c
    File type
    Windows executable
    First seen
    2007-07-29
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
    Size
    336
    SHA-1
    8f07ba74bb3fc3975ea58a23f27b83fc62bbdfcb
    MD5
    058492f13036dafd6cbcf9feabf60672
    CRC-32
    1bfde5ed
    File type
    Unspecified binary - probably data
    First seen
    2011-11-09
  • C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
    Size
    336
    SHA-1
    8f07ba74bb3fc3975ea58a23f27b83fc62bbdfcb
    MD5
    058492f13036dafd6cbcf9feabf60672
    CRC-32
    1bfde5ed
    File type
    Unspecified binary - probably data
    First seen
    2011-11-09
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Certificate Policy Engine
    c:\Documents and Settings\test user\Templates\sdiagprv.exe
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\evntagnt.exe
  • c:\Documents and Settings\test user\templates\sdiagprv.exe
DNS Requests
  • smtp.mail.ru
