Troj/Agent-XZI

Category: Viruses and Spyware
Protection available since: 07 Oct 2012 04:35:31 (GMT)
Type: Trojan
Last Updated: 07 Oct 2012 04:35:31 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-XZI exhibits the following characteristics:

File Information

Size: 100K
SHA-1: 14e541f046e20f5c7ef3d25744af9c8735f69dce
MD5: aef0c4e5cf8ae5d327dc1431101dafb6
CRC-32: 37f686a6
File type: Windows executable
First seen: 2012-10-06

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Application Data\Connection Manager\Connection Manager.com
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
    3093:TCP
    3093:TCP:*:Enabled:Remote Assistance Remote
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Connection Manager
    c:\Documents and Settings\test user\Local Settings\Application Data\Connection Manager\Connection Manager.com
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts
    Logon
    c:\Documents and Settings\test user\Local Settings\Application Data\Connection Manager\Connection Manager.com
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Connection Manager
    c:\Documents and Settings\test user\Local Settings\Application Data\Connection Manager\Connection Manager.com
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\svchost.exe
DNS Requests
  • datetimes.cc
