Troj/Agent-ACSN

Category: Viruses and Spyware
Protection available since: 16 Jul 2013 23:10:24 (GMT)
Type: Trojan
Last Updated: 16 Sep 2013 04:50:02 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-ACSN include:

Example 1

File Information

Size
820K
SHA-1
0030d103a8e832765290fb72581af70877f144c3
MD5
f45b0bffa1378a36175317e75e9c93ef
CRC-32
678ae3d5
File type
Windows executable
First seen
2013-05-16

Example 2

File Information

Size
849K
SHA-1
0057326027e5335a762bac8a6a967291af680607
MD5
3e28a42028ce0b8ab132f84b4f53c1fe
CRC-32
9500e3e5
File type
Windows executable
First seen
2013-08-07

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
    Size
    849K
    SHA-1
    91c1b5cb5cce0acc415c0c6d24d8c6858a6817c7
    MD5
    f7230b4db607f6942b1cafd5bad5f547
    CRC-32
    a54d209a
    File type
    Windows executable
    First seen
    2013-08-10
  • C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
    Size
    807
    SHA-1
    eca3e2595febf94006597d86919fe6a440e5e371
    MD5
    6ed350dc937433d61e4055c1803a1057
    CRC-32
    12afe264
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-08-10
  • C:\Documents and Settings\All Users\Application Data\wmdefender.exe
    Size
    821K
    SHA-1
    926e98405f279de5c490ec250f0dbc948e167765
    MD5
    bb10dcf9b77bd5e0fec16722d537289d
    CRC-32
    9df94113
    File type
    Windows executable
    First seen
    2013-08-10
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\1c18f
    Name
    C:\DOCUME~1\support\LOCALS~1\Temp\2.tmp
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory
    C:\WINDOWS\System32\spool\PRINTERS
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers
    Order
    LanMan Print Services Internet Print Provider 1c18f
Processes Created
  • c:\documents and settings\all users\application data\wmdefender.exe
  • c:\windows\system32\spoolsv.exe
HTTP Requests
  • http://cinnamyn.com/images/s.php
  • http://twinkcam.net/images/s.php
DNS Requests
  • cinnamyn.com
  • twinkcam.net

Example 3

File Information

Size
838K
SHA-1
006c6e647cf17137eded056eca7b8219c27e1ce7
MD5
6f0cab107e6d32d6f778ecb4321bfee8
CRC-32
4069e3ed
File type
Windows executable
First seen
2013-07-31

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
    Size
    838K
    SHA-1
    7ecab03cb7f6f8d3625d74d2f34272249163ac46
    MD5
    fc3a3a888b865a439bf6b52b15c3302f
    CRC-32
    6a6aed0b
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\Documents and Settings\All Users\Application Data\wmdefender.exe
    Size
    819K
    SHA-1
    2585e810ab598ef5a752e74fcddf2f5acbb9c864
    MD5
    deaae8ed22b4dcbcf67650c3cce3a233
    CRC-32
    72e1da49
    File type
    Windows executable
    First seen
    2013-08-29
  • C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
    Size
    807
    SHA-1
    6762cdfff6642b60f2445fbbdf302143930075f6
    MD5
    edaae1f03347f3345d3a2a1378654808
    CRC-32
    7e0176d1
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-08-29
Modified Files
  • C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
  • C:\Documents and Settings\LocalService\Local Settings\History
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value, not printable)
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory
    C:\WINDOWS\System32\spool\PRINTERS
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
    (binary value, not printable)
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\LocalService\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Processes Created
  • c:\documents and settings\all users\application data\wmdefender.exe
  • c:\windows\system32\spoolsv.exe
HTTP Requests
  • http://cinnamyn.com/images/s.php
  • http://twinkcam.net/images/s.php
DNS Requests
  • cinnamyn.com
  • twinkcam.net
