Troj/Agent-PCQ

Category: Viruses and Spyware
Type: Trojan
Protection available since: 26 Oct 2010 00:20:47 (GMT)
Last Updated: 27 Oct 2010 13:02:29 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-PCQ include:

Example 1

File Information

Size: 246K
SHA-1: 11498d3279e4f522686085ab714e46594a46e764
MD5: 62ccd3f7e7225140f75e1df9cd47ace4
CRC-32: 76019ca8
File type: application/x-ms-dos-executable
First seen: 2010-09-27

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\7002.bat
    Size: 592
    SHA-1: eb877a968521446f243085ececcadd662ed41b31
    MD5: 8604138174b3ef0a40505d55c05cb673
    CRC-32: 53df17ae
    File type: application/octet-stream
    First seen: 2010-10-01
  • C:\bin\black.hta
    Size: 275
    SHA-1: fbe7a602b0bf298257f9e8d513c8d2176a4f8fc4
    MD5: eb1e15014096d98181f9d42f7c6ff1ac
    CRC-32: 2183c244
    File type: text/html
    First seen: 2010-10-01
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\mshta.exe

Example 2

File Information

Size: 102K
SHA-1: 24e52b1d983dbc81da992987c58b51ae2af285b9
MD5: efc1ac10787200f0bae9c88e6f547c1b
CRC-32: a47410e9
File type: application/x-ms-dos-executable
First seen: 2010-10-22

Runtime Analysis

Processes Created
  • c:\windows\system32\cmd.exe

Example 3

File Information

Size: 181K
SHA-1: 34f7a37597d6ffeba8d14acbddbbd711a47a2148
MD5: b85d4fd6cedc3c9ff0de9fbefacb8b85
CRC-32: 6847e2e1
File type: application/x-ms-dos-executable
First seen: 2010-10-03

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\drivers\etc\hosts
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name: iexplore.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID: 0x48025225
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
DNS Requests
  • api.ak.facebook.com
  • googleads.g.doubleclick.net
  • pagead2.googlesyndication.com
  • s7.addthis.com
  • static.ak.fbcdn.net
  • www.shoshan.cl
