Troj/Agent-OOZ

Category: Viruses and Spyware
Protection available since: 02 Sep 2010 09:11:39 (GMT)
Type: Trojan
Last Updated: 02 Sep 2010 09:11:39 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-OOZ include:

Example 1

File Information

Size
136K
SHA-1
309136038431a1c9f0c8e6a06302c5d39b634b1a
MD5
f5810f58ef6c6f86890d05e371bb993b
CRC-32
cfd5850c
File type
application/x-ms-dos-executable
First seen
2010-09-02

Example 2

File Information

Size
136K
SHA-1
6de032473232822b271554308a4750aef75f3f11
MD5
b3371cdb31b5aa3c9bb566bef5b249ff
CRC-32
dcec79f5
File type
application/x-ms-dos-executable
First seen
2010-09-01

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Sabi\muvex.tmp
    Size
    1.2K
    SHA-1
    d99c3090530c06f97eae428d04fe5f2da5bb237c
    MD5
    a8c410fefa59097222a16ec0f1abc2b5
    CRC-32
    4c760f5e
    File type
    application/octet-stream
    First seen
    2010-09-02
  • c:\Documents and Settings\test user\Application Data\Zaecf\ukne.exe
    Size
    136K
    SHA-1
    81d5d637b4acfd17e4d8b9c89ff2a0972a4aa3e2
    MD5
    d1273b2a43b47728f1c7284dd2645ef8
    CRC-32
    3600723a
    File type
    application/x-ms-dos-executable
    First seen
    2010-09-02
Registry Keys Created
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {CE292AB0-F0B7-65F9-B7D1-7B8870650A18}
    "c:\Documents and Settings\test user\Application Data\Zaecf\ukne.exe"
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
Processes Created
  • c:\documents and settings\support\application data\zaecf\ukne.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://113.11.194.167/us27/usdase.db
IP Connections
  • 113.11.194.167:80

Example 3

File Information

Size
136K
SHA-1
81d5d637b4acfd17e4d8b9c89ff2a0972a4aa3e2
MD5
d1273b2a43b47728f1c7284dd2645ef8
CRC-32
3600723a
File type
application/x-ms-dos-executable
First seen
2010-09-02
