Troj/Agent-XEP

Category: Viruses and Spyware
Protection available since: 27 Jul 2012 00:50:55 (GMT)
Type: Trojan
Last Updated: 27 Jul 2012 00:50:55 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-XEP include:

Example 1

File Information

Size: 91K
SHA-1: 9c60b57eb817aa0d4b7500bb40d7285873ef9d94
MD5: 7e2e5c7561916f8754de78eb8bbc7cd1
CRC-32: 3978ae64
File type: Windows executable
First seen: 2012-07-24

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe
  • C:\Documents and Settings\All Users\Application Data\yvyq8TUV.exe_
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\xuxp2STU.dat
    Size: 235K
    SHA-1: eceaca87fdd016e707bae3154acc7ee70213562a
    MD5: f3273edb005f55b85b6afb11bf199b32
    CRC-32: 273a0e88
    File type: Unspecified binary - probably data
    First seen: 2012-07-26
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnOnZoneCrossing = 0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner = 0x00000001
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500 = 0x00000003
Processes Created
  • c:\documents and settings\all users\application data\yvyq8tuv.exe
HTTP Requests
IP Connections
  • 92.241.163.23:53
  • 92.241.163.23:80
DNS Requests

Example 2

File Information

Size: 269K
SHA-1: f17c64f6f630766ec4ea6eb8ab3a61a180f223ac
MD5: 3a8374780ef3b0f87cd799fc22ee1b0c
CRC-32: 38724a45
File type: Windows executable
First seen: 2012-07-26
