Troj/Agent-OOS

Category: Viruses and Spyware
Protection available since: 02 Sep 2010 03:10:55 (GMT)
Type: Trojan
Last Updated: 02 Sep 2010 03:10:55 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-OOS include:

Example 1

File Information

Size: 110K
SHA-1: 655118b4615620050ccc8dcba9b8460cffbc340f
MD5: 8e2f3b12a791b80e967099cd369c96fc
CRC-32: 52e26d0c
File type: application/x-ms-dos-executable
First seen: 2010-09-18

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    DhcpNameServer
    93.188.162.80,93.188.161.13
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    DhcpNameServer
    93.188.162.80,93.188.161.13
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    NameServer
    93.188.162.80,93.188.161.13
  • HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2861B0F9-F1E8-4A1A-B9D5-08FB3E595B28}
    NameServer
    93.188.162.80,93.188.161.13
HTTP Requests
  • http://www.microsoft.com/
IP Connections
  • 93.188.162.80:53
DNS Requests
  • baddirect.com
  • www.microsoft.com

Example 2

File Information

Size: 110K
SHA-1: a769a8dd9038b8df7929d2a507a68637e4b129d7
MD5: 359d7d29320507182c2b4e36b7035950
CRC-32: 46264253
File type: application/x-ms-dos-executable
First seen: 2010-09-01

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\spool\prtprocs\w32x86\UO17m3g7i.dll

Example 3

File Information

Size: 110K
SHA-1: b37c7a15a9cf3870c87dcad206803b51134e0a7b
MD5: 12b4ef4d9c1683d4fc9d77db18db8c5f
CRC-32: 36a50ebb
File type: application/x-ms-dos-executable
First seen: 2010-09-01

Other vendor detection

Kaspersky: Backdoor.Win32.TDSS.acg

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\8267_appcompat.txt
    Size: 18K
    SHA-1: b3f592287e526fa7f8701dc836451c9f64f22f87
    MD5: 5ff15a90fc14be01de7ade875701a321
    CRC-32: a38ebda3
    File type: application/octet-stream
    First seen: 2010-09-07
  • C:\WINDOWS\system32\spool\prtprocs\w32x86\YW1uO3o7o.dll
    Size: 110K
    SHA-1: c20b7b73af21188e1d1eb7d81c97d9c8aac51d43
    MD5: 4fb47b856f73499a09485cc1eb444a9e
    CRC-32: 629058c0
    File type: application/x-ms-dos-executable
    First seen: 2010-09-07
Processes Created
  • c:\windows\system32\spoolsv.exe