Troj/Agent-AFOC

Category: Viruses and Spyware
Protection available since: 13 Jan 2014 04:05:00 (GMT)
Type: Trojan
Last Updated: 13 Jan 2014 04:05:00 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-AFOC include:

Example 1

File Information

Size: 325K
SHA-1: 466d1640675730214d47afc81033d990e8e181bd
MD5: c66e3919805cb6596222eefa1151eafc
CRC-32: 45e0e821
File type: Windows executable
First seen: 2014-01-12

Other vendor detection

Avira: TR/Crypt.XPACK.Gen

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Yvkyi\pucy.exe
  • c:\Documents and Settings\test user\Application Data\Niohe\qata.ikz
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {9572B913-A422-769A-2054-7D7E97882FC6}
    "c:\Documents and Settings\test user\Application Data\Yvkyi\pucy.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Ucatve
    Bazeuno
    [binary data, not printable]
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    20 e6 18 2b d0 0f cf 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\yvkyi\pucy.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://networksecurityx.hopto.org/
  • http://www.akcaravansandmotorhomes.com.au/images/helper/config.bin
  • http://www.google.bg/webhp
  • http://www.google.com/webhp
DNS Requests
  • networksecurityx.hopto.org
  • www.akcaravansandmotorhomes.com.au
  • www.google.bg
  • www.google.com

Example 2

File Information

File type: Windows executable
