Troj/Agent-ADWO

Category: Viruses and Spyware
Protection available since: 25 Sep 2013 01:58:50 (GMT)
Type: Trojan
Last Updated: 25 Sep 2013 01:58:50 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-ADWO exhibits the following characteristics:

File Information

Size: 205K
SHA-1: 9b980e17086ccdbe252aa4848e0f2f0501fa6897
MD5: fba3d0fcb1cdcb08cb757d5fdc3d616b
CRC-32: 784e6557
File type: Windows executable
First seen: 2013-09-24

Runtime Analysis

Dropped Files
  • C:\WINDOWS\Tasks\Security Center Update - 3856718230.job
    Size: 884
    SHA-1: 5b3f42ffddee4110f8287eff223a7b72182b7c28
    MD5: 24a62e9b43ee85b729a0099de58ba634
    CRC-32: 2f2bbea7
    File type: Unspecified binary - probably data
    First seen: 2013-09-24
  • C:\WINDOWS\system32\reemce.exe
    Size: 205K
    SHA-1: 128b127626c6e5a6b3373f7dbeee221faa3a0f2c
    MD5: 5459c99a7855dd5faedd04ae4b0f2f98
    CRC-32: dd04400e
    File type: Windows executable
    First seen: 2013-09-24
  • c:\Documents and Settings\test user\Application Data\Xaygfe\opaqubu.exe
    Size: 205K
    SHA-1: 128b127626c6e5a6b3373f7dbeee221faa3a0f2c
    MD5: 5459c99a7855dd5faedd04ae4b0f2f98
    CRC-32: dd04400e
    File type: Windows executable
    First seen: 2013-09-24
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Yhevregiliuspe
    "c:\Documents and Settings\test user\Application Data\Xaygfe\opaqubu.exe"
  • HKLM\SOFTWARE\Dmnrafozwi
    License
    0x000001bc
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3856718230\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3856718230
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer3856718230\Enum
    NextInstance
    0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yhevregiliuspe
    "c:\Documents and Settings\test user\Application Data\Xaygfe\opaqubu.exe"
  • HKCU\Software\Dmnrafozwi
    License
    0x000001bc
Registry Keys Modified
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\Documents and Settings\LocalService\Application Data
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\Documents and Settings\LocalService\Application Data
Processes Created
  • c:\Documents and Settings\test user\application data\xaygfe\opaqubu.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reemce.exe
HTTP Requests
  • http://kar-gen-pl.org/b/eve/52ec05e95bad65fec7552884
  • http://www.google.bg/
  • http://www.google.com/
DNS Requests
  • kar-gen-pl.org
  • oto-kar.org
  • www.google.bg
  • www.google.com
