Troj/Agent-YVC

Category: Viruses and Spyware
Protection available since: 14 Nov 2012 23:57:04 (GMT)
Type: Trojan
Last Updated: 14 Nov 2012 23:57:04 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-YVC include:

Example 1

File Information

Size: 43K
SHA-1: 0414c4db376bed785ab1fdb0ae18360b48c6c91e
MD5: fd805136c94618630dce951b448a0b26
CRC-32: d9ab3186
File type: Windows executable
First seen: 2011-06-27

Example 2

File Information

Size: 117K
SHA-1: 36b542e4e5fd11408f3bdb2ecfc1c358a088258d
MD5: 13f9472f45f72fcbd9013b822b627694
CRC-32: 45a173e3
File type: Windows executable
First seen: 2012-11-14

Other vendor detection

Avira: TR/ATRAPS.Gen2

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\3.tmp
Modified Files
  • C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
  • C:\Documents and Settings\NetworkService\Local Settings\History
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main
    PlaySounds
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\International
    AcceptLanguage
    en-US
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MaxConnectionsPer1_0Server
    0x00000006
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MaxConnectionsPer1_0Server
    0x00000006
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
    PlaySounds
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    svchost.exe
    0x00001f40
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International
    AcceptLanguage
    en-US
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    svchost.exe
    0x00001f40
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000000
Registry Keys Modified
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2300
    0x00000003
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2300
    0x00000003
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
HTTP Requests
  • http://woohoowoo.com/x/
DNS Requests
  • whooyeeee.com
  • woohoowoo.com

Example 3

File Information

Size: 117K
SHA-1: 44a7c30e09bccc174fc38f695b0ca341f7d8487e
MD5: ecad6dd47956c66c5e595642ad41a16e
CRC-32: a489a020
File type: Windows executable
First seen: 2012-11-14

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\4.tmp
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\2.tmp
    Size: 117K
    SHA-1: 36b542e4e5fd11408f3bdb2ecfc1c358a088258d
    MD5: 13f9472f45f72fcbd9013b822b627694
    CRC-32: 45a173e3
    File type: Windows executable
    First seen: 2012-11-14
  • C:\WINDOWS\Temp\5.tmp
Modified Files
  • C:\Documents and Settings\NetworkService\Local Settings\History
    • Set the hidden and system flags
  • C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
    • Set the hidden and system flags
Registry Keys Created
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main
    PlaySounds
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\International
    AcceptLanguage
    en-US
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500
    0x00000000
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
  • HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory
    C:\WINDOWS\System32\spool\PRINTERS
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    svchost.exe
    0x00001f40
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main
    PlaySounds
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    DefaultConnectionSettings
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    svchost.exe
    0x00001f40
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\International
    AcceptLanguage
    en-US
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MaxConnectionsPer1_0Server
    0x00000006
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    MaxConnectionsPer1_0Server
    0x00000006
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2300
    0x00000003
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2300
    0x00000003
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\Documents and Settings\NetworkService\Local Settings\History
Processes Created
  • c:\windows\system32\spoolsv.exe
HTTP Requests
  • http://woohoowoo.com/x/
DNS Requests
  • woohoowoo.com
