W32/Agent-OOJ exhibits the following characteristics:
File Information
- Size: 457K
- SHA-1: 30c80d92b89ba2f48649f26b90d7908f0eac6b5d
- MD5: e62b9bb9461c28e521c2e93baa954880
- CRC-32: 826c1866
- File type: application/x-ms-dos-executable
- First seen: 2010-09-08
Other vendor detection
- Avira: Worm/Rbot.397824
- Kaspersky: Net-Worm.Win32.Mytob.jvb
Runtime Analysis
Copies Itself To
- C:\WINDOWS\mobedirlnk.exe
- F:/driver/usb/driver2usb.EXE
Dropped Files
- F:/autorun.inf
- F:/driver/usb/Desktop.ini
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh
  - LogSessionName = stdout
- HKLM\SOFTWARE\Microsoft\Tracing\FWCFG
  - EnableConsoleTracing = 0x00000000
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - Linker Director = mobedirlnk.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
  - Linker Director = mobedirlnk.exe
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent
  - LogSessionName = stdout
- HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - c:\test_item.exe = c:\test_item.exe:*:Enabled:Linker Director
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance
  - Error Count = 0x0000000e
Processes Created
- c:\windows\mobedirlnk.exe
- c:\windows\system32\netsh.exe
DNS Requests