Troj/Agent-ACVJ

Category: Viruses and Spyware
Protection available since: 23 Jul 2013 14:09:53 (GMT)
Type: Trojan
Last Updated: 23 Jul 2013 14:09:53 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-ACVJ exhibits the following characteristics:

File Information

Size
3.4M
SHA-1
f68bfc2765932c76d8271ce7e8493bfa5748dba1
MD5
e17197246282ab97271c91b737aaa7ba
CRC-32
fceffcc0
File type
Windows executable
First seen
2013-07-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\log
    Size
    32
    SHA-1
    a2eabf2c4aae5626e0a8ff89990a5ddaa58cb82c
    MD5
    738c5d86ff5fd23fa6568e2b4486d9ec
    CRC-32
    b89c7bb0
    File type
    Data Log File (generic)
    First seen
    2013-07-23
  • c:\Documents and Settings\test user\Local Settings\Temp\IAQHR.bat
    Size
    166
    SHA-1
    3ddf3046d01c980b8f3ed29d5b1f060975d802fc
    MD5
    78a2fe3b3eef464ebce982fed340022d
    CRC-32
    7ff94064
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2013-07-23
  • c:\Documents and Settings\test user\Local Settings\Temp\BELO8ICEIE.exe
  • c:\Documents and Settings\test user\Application Data\Adobe\csrss.exe
    Size
    3.4M
    SHA-1
    c00929ba5245c7f159dc2fe37c3306f04591c4f7
    MD5
    9f2f3f5826d51a4d1ce14c51b258c55e
    CRC-32
    2777db5f
    File type
    Windows executable
    First seen
    2013-07-23
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF8523.tmp
    Size
    16K
    SHA-1
    a4e2d725f82ae412d2dffe4f12d0a2dd5e6e20f7
    MD5
    cd86347203c03212ce98cc7401da317f
    CRC-32
    a9f8f1fe
    File type
    Microsoft OLE2 file format
    First seen
    2013-07-19
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\DOCUME~1\support\LOCALS~1\Temp\BELO8ICEIE.exe
    C:\DOCUME~1\support\LOCALS~1\Temp\BELO8ICEIE.exe:*:Enabled:Windows Messanger
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    BXSWA6TSYC
    Betting
  • HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
    BXSWA6TSYC
    July 23, 2013
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe Updater
    c:\Documents and Settings\test user\Application Data\Adobe\csrss.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\adobe\csrss.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ipconfig.exe
  • c:\windows\system32\reg.exe
IP Connections
  • 144.76.93.165:443
