Troj/Agent-ZWQ

Category:	Viruses and Spyware	Protection available since:	26 Jan 2013 21:00:37 (GMT)
Type:	Trojan	Last Updated:	26 Jan 2013 21:00:37 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-ZWQ exhibits the following characteristics:

File Information

Size: 120K
SHA-1: 26e8000b9b5cb9781bea348349bf98535834a742
MD5: 5cdf60a41e5283ebd8841b32f5cf88c7
CRC-32: 9c5c3c74
File type: Windows executable
First seen: 2013-01-26

Runtime Analysis

Dropped Files

C:\bin\out.bin
Size
444
SHA-1
d4aada680f1f37901711e8342ffc2adc70c4bb93
MD5
6fd86537a34e565997a37c8347c78b83
CRC-32
5a6c927b
File type
Unspecified binary - probably data
First seen
2013-01-26

Registry Keys Created

HKCU\Software\WinRAR
46A1FC0C1C2997A50EDEDA5824AD92DD
tr□Pe□
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
DeleteFlag
0x00000001

Registry Keys Modified

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum
NextInstance
0x00000000
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
ErrorControl
0x00000000

Processes Created

c:\docume~1\support\locals~1\temp\143140.exe
c:\windows\system32\cmd.exe

HTTP Requests

http://j.maxmind.com/app/geoip.js
http://new-cdn-node.com/1.exe
http://new-cdn-node.com/6.exe

IP Connections

1.169.106.6:16464
103.10.225.39:16464
109.72.59.17:16464
115.254.253.254:16464
117.214.208.139:16464
117.254.253.254:16464
119.254.253.254:16464
122.17.217.238:16464
134.254.253.254:16464
135.254.253.254:16464
14.98.200.169:16464
14.99.34.16:16464
166.159.225.236:16464
176.18.115.13:16464
180.254.253.254:16464
182.254.253.254:16464
190.188.196.230:16464
190.254.253.254:16464
194.165.17.3:53
2.181.100.54:16464
202.215.174.8:16464
206.254.253.254:16464
218.252.2.112:16464
24.150.34.194:16464
24.181.104.13:16464
27.120.42.216:16464
46.227.234.61:16464
49.124.194.233:16464
5.15.173.41:16464
61.86.31.206:16464
65.28.111.4:16464
65.61.72.208:16464
65.75.137.237:80
66.85.130.234:53
68.9.79.113:16464
71.230.127.3:16464
71.254.253.254:16464
72.192.7.5:16464
72.200.186.218:16464
72.23.78.47:16464
74.210.227.231:16464
74.75.78.27:16464
75.130.233.174:16464
75.178.25.15:16464
75.216.41.185:16464
76.84.63.239:16464
79.53.154.29:16464
8.8.8.8:53
83.160.9.72:16464
83.254.19.56:16464
83.87.124.215:16464
84.237.248.252:16464
87.14.53.183:16464
87.254.253.254:16464
88.176.122.4:16464
88.185.244.185:16464
88.254.253.254:16464
91.191.16.2:16464
92.231.99.7:16464
92.254.253.254:16464
92.55.87.180:16464
94.214.161.162:16464
95.58.213.250:16464
97.89.4.235:16464
98.26.152.12:16464
99.247.229.9:16464

DNS Requests

j.maxmind.com
new-cdn-node.com

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Agent-ZWQ

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

IP Connections

DNS Requests

Free Mac Anti-Virus

Popular topics