Troj/Agent-ZFN exhibits the following characteristics:
File Information
- Size: 169K
- SHA-1: 9274da56c12879613a9d494b5840431b8a84eeec
- MD5: a47d2cddb4c537235d959ca0c26ed371
- CRC-32: c119d1b2
- File type: Windows executable
- First seen: 2012-12-07
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Local Settings\Application Data\Piriform\uyrpengx.dll
  - Size: 440K
  - SHA-1: f0b250464e39bf98341c4d9f93601c3e68fab23d
  - MD5: 1e81cd0eae3cc8b34ba8f570ba679688
  - CRC-32: f42251f0
  - File type: Windows executable
  - First seen: 2012-12-07
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Piriform
- HKCU\Software\Piriform
- {89775F8E-69D8-D481-66A4-497EA2EDF109}
Processes Created
- c:\windows\system32\rundll32.exe