Troj/Agent-ADJZ

Category: Viruses and Spyware
Protection available since: 29 Aug 2013 23:19:54 (GMT)
Type: Trojan
Last Updated: 02 Sep 2013 20:49:59 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-ADJZ include:

Example 1

File Information

Size
301K
SHA-1
025e0a36f38845b162acd4a60700aac820417a03
MD5
be925e77b6986b4f28c841218952e32a
CRC-32
7a5447e9
File type
Windows executable
First seen
2013-08-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Boteo\xucuux.exe
    Size
    301K
    SHA-1
    335001d266524f9a3e8110900aafca18359a6986
    MD5
    2d1ed6e097a6934984e88194a83084af
    CRC-32
    0a435131
    File type
    Windows executable
    First seen
    2013-08-29
  • c:\Documents and Settings\test user\Local Settings\Application Data\enbyum.uhc
    Size
    477
    SHA-1
    0d299a13d5908f6d2171ec9302769251bf9d798b
    MD5
    9145ee2f75efe9f2921d440cc4667864
    CRC-32
    417efb8c
    File type
    Unspecified binary - probably data
    First seen
    2013-08-29
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Bafoopacteix
    268e1f92
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Xucuux
    "c:\Documents and Settings\test user\Application Data\Boteo\xucuux.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\boteo\xucuux.exe
IP Connections

Example 2

File Information

Size
301K
SHA-1
0270268be398c2013f0d41dc2862bad6d22113cc
MD5
02d7844211af3e368680ba8e44c4161f
CRC-32
8d572d82
File type
Windows executable
First seen
2013-08-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Ymacce\migadi.exe
    Size
    301K
    SHA-1
    3f77c76b95f5d3728ff9c1dbbbf321038fd6c42d
    MD5
    5c553fb1d1a02bac6667d024dcc85793
    CRC-32
    49fac0bc
    File type
    Windows executable
    First seen
    2013-08-30
  • c:\Documents and Settings\test user\Local Settings\Application Data\goizab.uft
    Size
    477
    SHA-1
    65b479bd7286646882dd29409272f57c4ac3e240
    MD5
    c26e572d58575b4e171e742505ce8e60
    CRC-32
    52cf9bcb
    File type
    Unspecified binary - probably data
    First seen
    2013-08-30
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Migadi
    "c:\Documents and Settings\test user\Application Data\Ymacce\migadi.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Teezaduko
    3c0796j
Processes Created
  • c:\Documents and Settings\test user\application data\ymacce\migadi.exe
IP Connections

Example 3

File Information

Size
113K
SHA-1
02a075d001b91d683484d8a1bfe4d7d7fe381eb6
MD5
6e5d9605eaf8f85576e1d54c8110724d
CRC-32
f6fdf363
File type
Windows executable
First seen
2013-08-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Nugayl\doowcy.exe
    Size
    302K
    SHA-1
    6712bd65aa339fc19f452b8443deca3b0da84e52
    MD5
    86b8b97d3e4fb7741786523175821e1c
    CRC-32
    03dbfee0
    File type
    Windows executable
    First seen
    2013-08-30
  • c:\Documents and Settings\test user\Local Settings\Application Data\yvemer.qim
    Size
    477
    SHA-1
    4f7fc064552c7e0605cd25fce0662202dc52ab0d
    MD5
    5c41e2925bfce2e431d12dfb315d8dd2
    CRC-32
    e25a1686
    File type
    Unspecified binary - probably data
    First seen
    2013-08-30
Registry Keys Created
  • HKCU\Software\Microsoft\Fovokysaijry
    hi97646
  • HKCU\Software\WinRAR
    E505115A26D08BD8B5C522D152A60984
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Doowcy
    "c:\Documents and Settings\test user\Application Data\Nugayl\doowcy.exe"
Processes Created
  • c:\Documents and Settings\test user\application data\nugayl\doowcy.exe
  • c:\docume~1\support\locals~1\temp\120515.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://lottieandjakes.co.uk/5AC4Pz.exe
  • http://residenceartigny.be/1eoqj.exe
IP Connections
DNS Requests
  • abesgastropub.net
  • lottieandjakes.co.uk
  • residenceartigny.be
