Troj/Agent-ACSL

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 16 Jul 2013 19:11:15 (GMT)
Last Updated: 16 Jul 2013 19:11:15 (GMT)


Examples of Troj/Agent-ACSL include:

Example 1

File Information

Size
12K
SHA-1
028017c003bc236756b22754def9c113fe38a68b
MD5
8b42e6ee7061cdf68089d85d39ff7c59
CRC-32
2c50641a
File type
JAR archive file
First seen
2013-07-16

Example 2

File Information

Size
25K
SHA-1
999dd732775b7b44410afd9f526248ed01fb99b5
MD5
516084217a309fdfb664b6b8dcbaafb9
CRC-32
f699617a
File type
Windows executable
First seen
2013-07-16

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    proxyhttp1.1
    0x00000000
  • HKLM\SOFTWARE\Policies\Microsoft\internet explorer\control panel
    autoconfig
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    proxyhttp1.1
    0x00000000
  • HKCU\Software\Policies\Microsoft\Internet Explorer\control panel
    resetwebsettings
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 66 69 6c 65 3a 2f 2f 43 3a 5c 44 4f 43 55 4d 45 7e 31 5c 73 75 70 70 6f 72 74 5c 4c 4f 43 41 4c 53 7e 31 5c 54 65 6d 70 2f 50 43 2e 74 78 74 04 00 00 00 00 00 00 00 80 88 73 da f3 98 ca 01 01 00 00 00 ac 10 00 06 00 00 00 00 00 00 00 00
    (the automatic configuration URL field of this blob holds the ASCII string file://C:\DOCUME~1\support\LOCALS~1\Temp/PC.txt, so Internet Explorer's proxy settings are pointed at a PC.txt script in the user's Temp directory)
Processes Created
  • c:\program files\java\jre6\bin\javaw.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • redir.embuscadomelhor.com.br

Example 3

File Information

Size
134K
SHA-1
e85d3eaac17792edab46e5132a8647a973e550f3
MD5
49c061450004a081665b8484fe8f9299
CRC-32
626b328b
File type
Windows executable
First seen
2012-11-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\foto.gif
    Size
    12K
    SHA-1
    028017c003bc236756b22754def9c113fe38a68b
    MD5
    8b42e6ee7061cdf68089d85d39ff7c59
    CRC-32
    2c50641a
    File type
    JAR archive file
    First seen
    2013-07-16
  • c:\Documents and Settings\test user\Local Settings\Temp\PC.txt
    Size
    4.1K
    SHA-1
    23eaa540e51c167ddfa337ea3e53fe7d2c7f9330
    MD5
    1b017698c1d28cbdd5461c0f31347d1d
    CRC-32
    7709fbf1
    File type
    JavaScript
    First seen
    2013-07-16
  • c:\Documents and Settings\test user\Local Settings\Temp\prefs.js
    Size
    132
    SHA-1
    63c19a2dbaba3ab3ed2914860572f05f6a5cbdc7
    MD5
    6d7f67f2a0bf52b87fb0dbb8d8feaa46
    CRC-32
    a4595f9a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-07-10
  • c:\Documents and Settings\test user\Local Settings\Temp\tumbs.db
  • c:\Documents and Settings\test user\Local Settings\Temp\subzerow13072013.exe
    Size
    25K
    SHA-1
    999dd732775b7b44410afd9f526248ed01fb99b5
    MD5
    516084217a309fdfb664b6b8dcbaafb9
    CRC-32
    f699617a
    File type
    Windows executable
    First seen
    2013-07-16
Registry Keys Created
  • HKCU\Software\Policies\Microsoft\Internet Explorer\control panel
    resetwebsettings
    0x00000001
  • HKLM\SOFTWARE\Policies\Microsoft\internet explorer\control panel
    autoconfig
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    JAVA
    "C:\WINDOWS\system32\javaw.exe" -jar "c:\Documents and Settings\test user\a.gif"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    proxyhttp1.1
    0x00000000
  • HKCU\Software\WinRAR SFX
    C%%DOCUME~1%support%LOCALS~1%Temp%
    C:\DOCUME~1\support\LOCALS~1\Temp\
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
    proxyhttp1.1
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    3c 00 00 00 04 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 00 66 69 6c 65 3a 2f 2f 43 3a 5c 44 4f 43 55 4d 45 7e 31 5c 73 75 70 70 6f 72 74 5c 4c 4f 43 41 4c 53 7e 31 5c 54 65 6d 70 2f 50 43 2e 74 78 74 04 00 00 00 00 00 00 00 80 88 73 da f3 98 ca 01 01 00 00 00 ac 10 00 06 00 00 00 00 00 00 00 00
    (the automatic configuration URL field of this blob holds the ASCII string file://C:\DOCUME~1\support\LOCALS~1\Temp/PC.txt, so Internet Explorer's proxy settings are pointed at the dropped JavaScript file PC.txt listed above)
Processes Created
  • c:\docume~1\support\locals~1\temp\subzerow13072013.exe
  • c:\program files\java\jre6\bin\javaw.exe
  • c:\windows\system32\attrib.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\java.exe
  • c:\windows\system32\reg.exe
HTTP Requests
  • http://dlls.proxysegura.com/a.gif
  • http://dlls.proxysegura.com/xp.txt
DNS Requests
  • dlls.proxysegura.com
  • redir.embuscadomelhor.com.br
