Troj/Agent-AFUJ

Category: Viruses and Spyware
Protection available since: 27 Jan 2014 18:25:48 (GMT)
Type: Trojan
Last Updated: 29 Jan 2014 18:53:57 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-AFUJ include:

Example 1

File Information

Size
232K
SHA-1
0bd2d0991f588de66e23f8eb3faa5291a0202318
MD5
c9905217902617dd1fe146cf170ce429
CRC-32
1efae7fe
File type
Windows executable
First seen
2012-06-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Inugy\accok.exe
    Size
    232K
    SHA-1
    a08dabdc9f7119cbf56f790b406a5a33620eed32
    MD5
    0352fd7d49567bafc9868247aac073be
    CRC-32
    d8735d55
    File type
    Windows executable
    First seen
    2014-01-27
  • c:\Documents and Settings\test user\Application Data\Suyg\uxeq.fer
    Size
    3.8K
    SHA-1
    d78d75827dbe3e9e25acd896e20660e91b72598e
    MD5
    30a20f827123ee2c9fc900af7f0fcd84
    CRC-32
    bbcba1d2
    File type
    Unspecified binary - probably data
    First seen
    2014-01-27
  • c:\Documents and Settings\test user\Application Data\Suyg\uxeq.tmp
    Size
    661
    SHA-1
    e26e5611212f56d771496e3cd1f6ae98f5024a7e
    MD5
    977494283af200d6923c6721107072c9
    CRC-32
    7c2cdf62
    File type
    Unspecified binary - probably data
    First seen
    2014-01-27
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Xubatyhywi
    "c:\Documents and Settings\test user\Application Data\Inugy\accok.exe"
  • HKCU\Software\Microsoft\Ovabos
    Ezzeac
    (binary data)
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    ba 2a 99 16 39 1b cf 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\inugy\accok.exe
IP Connections
  • 92.53.105.175:80

Example 2

File Information

Size
232K
SHA-1
133b819fa5b2b1af1ec0ced269d8c0ee53714003
MD5
6345fecf8479ff0e8af9fc5fee2c87c1
CRC-32
8f7e956b
File type
Windows executable
First seen
2012-06-13

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Iqxoqe\uboli.tmp
    Size
    661
    SHA-1
    645b046495c179a04765828948dee78d7beadec7
    MD5
    ea95ef70f413937fda979013af7234ec
    CRC-32
    de904c18
    File type
    Unspecified binary - probably data
    First seen
    2014-01-28
  • c:\Documents and Settings\test user\Application Data\Iqxoqe\uboli.ikg
    Size
    3.8K
    SHA-1
    2e56872037ab541a4d76a84d4b0ec132793fcac8
    MD5
    88dc10c9a853db2497e61dc7572dc5c1
    CRC-32
    66ac5b01
    File type
    Unspecified binary - probably data
    First seen
    2014-01-28
  • c:\Documents and Settings\test user\Application Data\Kakato\vaef.exe
    Size
    232K
    SHA-1
    4982cab5b30a5d36f238355c4774299c1cb50cbb
    MD5
    e3e0580af4d7172c354f7fbda5a5439f
    CRC-32
    ba04028b
    File type
    Windows executable
    First seen
    2014-01-28
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
Registry Keys Created
  • HKCU\Software\Microsoft\Nuivt
    Aveqhuvil
    (binary data)
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Ivulyfofyc
    "c:\Documents and Settings\test user\Application Data\Kakato\vaef.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    d6 75 4b 83 f8 1b cf 01
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
Processes Created
  • c:\Documents and Settings\test user\application data\kakato\vaef.exe
IP Connections
  • 92.53.105.175:80
  • 92.53.105.245:80

Example 3

File Information

Size
337K
SHA-1
199858e83504f508b6b267211511d9c682b733e3
MD5
bfb97553583b3d60b88c05a242c9fc02
CRC-32
f0d38a66
File type
Windows executable
First seen
2014-01-27

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Application Data\soaq.mep
    Size
    477
    SHA-1
    2db534209585a3cc895c58a1e3ba1dd23c6ac275
    MD5
    46f65192074a1b35448c6f85d8f24e60
    CRC-32
    3e3772a2
    File type
    Unspecified binary - probably data
    First seen
    2014-01-27
  • c:\Documents and Settings\test user\Application Data\Esqu\rufec.exe
    Size
    337K
    SHA-1
    1396b244f89954dbf565ea2f3fcb43f8b4b55577
    MD5
    85942e852732f5d40df2e4ad87ed4ee7
    CRC-32
    0c1b8696
    File type
    Windows executable
    First seen
    2014-01-27
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Rufec
    "c:\Documents and Settings\test user\Application Data\Esqu\rufec.exe"
  • HKCU\Software\Microsoft\Lukilupe
    18ci1geb
    (binary data)
Processes Created
  • c:\Documents and Settings\test user\application data\esqu\rufec.exe
  • c:\windows\system32\cmd.exe
IP Connections
