Troj/Agent-ACZU

Category: Viruses and Spyware
Type: Trojan
Protection available since: 07 Aug 2013 12:27:07 (GMT)
Last Updated: 07 Aug 2013 12:27:07 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-ACZU exhibits the following characteristics:

File Information

Size
136K
SHA-1
3657935db0d3d984e910af60d9374e4d40c825ed
MD5
0ac202833c8b8cc3903f2bfb0840e20f
CRC-32
f3df43c5
File type
Windows executable
First seen
2013-08-06

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\flht.dat
  • c:\Documents and Settings\test user\Local Settings\Temp\flht.dat
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\thlf.pad
    Size
    91M
    SHA-1
    214b62881b677c6c8091ebe56e36bbefe24f8e04
    MD5
    75772ee07d50ee333da7e97c17691b36
    CRC-32
    2d8f5623
    File type
    Unspecified binary - probably data
    First seen
    2013-08-06
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\thlf.lnk
    Size
    800
    SHA-1
    4c297d61e9dbbb29fbc493c35efdcef98a751ddb
    MD5
    581714b14665f89aa30df533710ee394
    CRC-32
    2bc00b17
    File type
    Windows Shortcut file (.LNK)
    First seen
    2013-08-06
  • c:\Documents and Settings\test user\Local Settings\Temp\thlf.js
    Size
    3.2K
    SHA-1
    f68288471592253cd4a158a81751f6ddbb4fedf2
    MD5
    aac09b7dde08095eb5ce988ea8487185
    CRC-32
    cca1c8cd
    File type
    JavaScript
    First seen
    2013-08-06
Registry Keys Created
  • HKCU\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
    DSGuid
    {00000000-0000-0000-0000-000000000000}
  • HKCU\Software\Microsoft\Multimedia\ActiveMovie\Filter Cache
    0
    (binary value; contents not reproduced)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    2500
    0x00000003
  • HKCU\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
    MidiOutId
    0xffffffff
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000003
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    2500
    0x00000003
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2500
    0x00000003
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\windows\system32\rundll32.exe
IP Connections
  • 64.191.122.10:80
