Troj/Agent-XEP

Category:	Viruses and Spyware	Protection available since:	27 Jul 2012 00:50:55 (GMT)
Type:	Trojan	Last Updated:	27 Jul 2012 00:50:55 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-XEP include:

Example 1

File Information

Size: 91K
SHA-1: 9c60b57eb817aa0d4b7500bb40d7285873ef9d94
MD5: 7e2e5c7561916f8754de78eb8bbc7cd1
CRC-32: 3978ae64
File type: Windows executable
First seen: 2012-07-24

Runtime Analysis

Copies Itself To

C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe
C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe_

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\xuxp2STU.dat
Size
235K
SHA-1
eceaca87fdd016e707bae3154acc7ee70213562a
MD5
f3273edb005f55b85b6afb11bf199b32
CRC-32
273a0e88
File type
Unspecified binary - probably data
First seen
2012-07-26

Registry Keys Created

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
WarnOnZoneCrossing
0x00000000
HKCU\Software\Microsoft\Internet Explorer\Main
NoProtectedModeBanner
0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
2500
0x00000003

Processes Created

c:\documents and settings\all users\application data\yvyq8tuv.exe

HTTP Requests

http://92.241.163.23/0xabad1dea.php
http://ads.audienceamplify.com/tt
http://ads.audienceamplify.com/ttj
http://ak1.abmr.net/is/www.burstnet.com
http://ib.adnxs.com/bounce
http://ib.adnxs.com/tt
http://ib.adnxs.com/ttj
http://js.admeld.com/meld128.js
http://tag.admeld.com/ad/iframe/1364/audienceamplify/160x600/square
http://www.burstnet.com/ads/ad24678a-map.cgi/ns/v=2.3S/sz=160x600A/
http://www.burstnet.com/cgi-bin/ads/ad24678a.cgi/v=2.3S/sz=160x600A/93290/RETURN-CODE/JS/

IP Connections

92.241.163.23:53
92.241.163.23:80

DNS Requests

2246d083104beddd4574a5ea39638c6b641783aeab8f70e509.fc.blendserved.com
37011.2246d083104beddd4574a5ea39638c6b641783aeab8f70e509.pfif4.hfuidhfd.jp
ads.audienceamplify.com
ak1.abmr.net
cc.hfuidhfd.jp
cf.blendserved.com
ib.adnxs.com
js.admeld.com
pcc.hfuidhfd.jp
tag.admeld.com
www.burstnet.com

Example 2

File Information

Size: 269K
SHA-1: f17c64f6f630766ec4ea6eb8ab3a61a180f223ac
MD5: 3a8374780ef3b0f87cd799fc22ee1b0c
CRC-32: 38724a45
File type: Windows executable
First seen: 2012-07-26

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Agent-XEP

Example 1

File Information

Runtime Analysis

Copies Itself To

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

IP Connections

DNS Requests

Example 2

File Information

Free Mac Anti-Virus

Popular topics