Troj/Agent-AGSK

Category: Viruses and Spyware
Protection available since: 11 Apr 2014 21:25:11 (GMT)
Type: Trojan
Last Updated: 22 Apr 2014 20:29:38 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-AGSK include:

Example 1

File Information

Size
566K
SHA-1
9906b67bdc70d74ddca88b57b4a8c1c5284afe1d
MD5
006a335ff575776cb44bbb05b7e03914
CRC-32
f990ee83
File type
application/x-ms-dos-executable
First seen
2014-04-11

Other vendor detection

Avira
TR/Dropper.Gen7

Runtime Analysis

Dropped Files
  • C:\Program Files\DbProtectSupport\svchost.exe
    Size
    286K
    SHA-1
    4e3bd60d0369c75763d8a990a8b97c8845646783
    MD5
    9ab9578b1cd570732647a3e1f8c6bc47
    CRC-32
    34bb2828
    File type
    Windows executable
    First seen
    2014-04-11
  • C:\Program Files\DbProtectSupport\fake.cfg
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\DbProtectSupport\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\DbProtectSupport
    ObjectName
    LocalSystem
  • HKLM\SYSTEM\CurrentControlSet\Services\DbProtectSupport\Security
    Security
    (binary data, not printable)
Processes Created
  • c:\program files\dbprotectsupport\svchost.exe
IP Connections
  • 162.221.12.185:10991
  • 8.8.8.8:53
DNS Requests
  • 162.221.12.185

Example 2

File Information

Size
172K
SHA-1
a6c38a1742add610b688b176159c4483448afc4a
MD5
44f54b7f28e494e8af38717b02e2d5c4
CRC-32
43821921
File type
Windows executable
First seen
2014-04-11

Other vendor detection

Avira
BDS/Zegost.qmmnao

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\ssyqsw.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\DirectX jrq\Security
    Security
    (binary data, not printable)
  • HKLM\SYSTEM\CurrentControlSet\Services\DirectX jrq\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\DirectX jrq
    Description
    Microsoft(R) DirectX mid for Windows(R).
Processes Created
  • c:\windows\system32\ssyqsw.exe
DNS Requests
  • djservers.no-ip.org
  • zxchk.xicp.net

Example 3

File Information

Size
421K
SHA-1
d69dc2fd7f6f0f6231c4c17c5608e81b9599c3a8
MD5
b7ae778a168d0b935cd97fc3480e3cad
CRC-32
11dfdee3
File type
Windows executable
First seen
2014-04-11
