Troj/Agent-VMY exhibits the following characteristics:
File Information
- Size: 351K
- SHA-1: 4d32b723be87d00e189727b1302860198315d364
- MD5: 06efc0a2350bea17680d8b20e1bba989
- CRC-32: 50e9d860
- File type: application/x-ms-dos-executable
- First seen: 2012-04-07
Other vendor detection
- Kaspersky: HEUR:Trojan.Win32.Generic
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Temp\~unins743.bat
Registry Keys Created
- HKLM\SOFTWARE\zpppmcegc, value GY (binary data)
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run (autostart location), value BPHT: C:\WINDOWS\system32\xircomi.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012040720120408, value CacheOptions: 0x0000000b
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings, value 6: a>□p!□ (binary data; unprintable bytes shown as □)
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, value 6: a>□p!□ (binary data; unprintable bytes shown as □)
Processes Created
- c:\windows\system32\cmd.exe
- c:\windows\system32\xircomi.exe
HTTP Requests
- http://7.93.186.240/adj/Category.aspx
- http://ads.alpha00001.com/cgi-bin/advert/getads
- http://l.advertstream.com/
- http://l.advertstream.com/a/adclick.php
- http://su600.com/a/adjs2.php
- http://su600.com/publicite/com/zone.php
- http://su600.com/r.php
- http://www.123-webcam-amateur.com/
- http://www.les-malins-du-jour.com/landingpage/rotation_say.php
IP Connections
DNS Requests
- ads.alpha00001.com
- l.advertstream.com
- somethingclosely.com
- su600.com
- www.123-webcam-amateur.com
- www.les-malins-du-jour.com