Troj/Agent-ABPO

Category: Viruses and Spyware
Protection available since: 05 May 2013 23:59:24 (GMT)
Type: Trojan
Last Updated: 05 May 2013 23:59:24 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-ABPO exhibits the following characteristics:

File Information

Size: 133K
SHA-1: 6b7b254ad760215483830bb5066e38ae20d4a611
MD5: c3d82015a9f9f8e71038aa7c91b44cf8
CRC-32: fa787a98
File type: Windows executable
First seen: 2013-05-05

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Recent\Application Data.lnk
  • c:\Documents and Settings\test user\Recent\myphoto.jpg.lnk
    Size: 840
    SHA-1: b716ba4db181dfa1ada14b3f44db42a3b712bd2e
    MD5: a4cb04b5d6e3a45b65eee582613e3b08
    CRC-32: c4364809
    File type: Windows Shortcut file (.LNK)
    First seen: 2013-05-05
  • c:\Documents and Settings\test user\Application Data\myphoto.jpg
    Size: 33K
    SHA-1: aa30c1f56c723a2ada31bec2cd6eba8a784c3c31
    MD5: 136a8d4c225fa5c8384f25df782fbe0b
    CRC-32: 612e7f26
    File type: JPEG Interchange Format
    First seen: 2013-05-02
  • c:\Documents and Settings\test user\Application Data\jtucfyjt.exe
    Size: 28K
    SHA-1: ccc6881cfe460de461059a60c4ce8a53272cd998
    MD5: 75e32490b303ff7116a354c17624c001
    CRC-32: 77fd2c6d
    File type: Windows executable
    First seen: 2013-05-05
  • C:\Documents and Settings\All Users\svchost.exe
    Size: 28K
    SHA-1: ccc6881cfe460de461059a60c4ce8a53272cd998
    MD5: 75e32490b303ff7116a354c17624c001
    CRC-32: 77fd2c6d
    File type: Windows executable
    First seen: 2013-05-05
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    7
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041520130422
    CacheRepair
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched
    C:\Documents and Settings\All Users\svchost.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.jpg
    MRUListEx
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    3
    (binary data)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013050520130506
    CacheRepair
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
    MRUListEx
    03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    MRUListEx
    07 00 00 00 06 00 00 00 05 00 00 00 04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 ff ff ff ff
Processes Created
  • c:\Documents and Settings\test user\application data\jtucfyjt.exe
  • c:\windows\system32\rundll32.exe