Troj/Agent-ABKC

Category: Viruses and spyware
Protection available since: 24 Apr 2013 16:18:02 (GMT)
Type: Trojan
Last updated: 24 Apr 2013 16:18:02 (GMT)
Prevalence:


Examples of Troj/Agent-ABKC include:

Example 1

File Information

Size: 301K
SHA-1: 3b03c2566296da77242c282b40da64fc452fbd7c
MD5: 359240efc489f722a41379be6fa0aa5b
CRC-32: 405c111f
File type: Windows executable
First seen: 2013-04-24

Example 2

File Information

Size: 301K
SHA-1: 9b78867733c52671fb9cc755c130b912bb57f0ae
MD5: a3e959af703135e31a7e6cad783b8f80
CRC-32: 03b77425
File type: Windows executable
First seen: 2013-04-24

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Byqadi\elpau.aha
    Size: 477
    SHA-1: 1f8f7bf0f3f1ded4d0b2c3fcc495528889b4582d
    MD5: df35d7b2ccb9aba7cc24478cd5400ff5
    CRC-32: b08d9e3e
    File type: Unspecified binary - probably data
    First seen: 2013-04-24
  • c:\Documents and Settings\test user\Application Data\Pypuv\ysova.exe
    Size: 301K
    SHA-1: 3b03c2566296da77242c282b40da64fc452fbd7c
    MD5: 359240efc489f722a41379be6fa0aa5b
    CRC-32: 405c111f
    File type: Windows executable
    First seen: 2013-04-24
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ysova.exe
    "c:\Documents and Settings\test user\Application Data\Pypuv\ysova.exe"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    WarnonBadCertRecving
    0x00000000
  • HKCU\Software\Microsoft\Byysv
    Biyn
    "6□ □□□m□0□□0□□ □□`□□`□□□□□p□□0>□p□□□5□0□□□0□ □□□□□□□□`□□p□□□H□`□□□□□□□□□w□□□□0:□`T□`□□`□□□□□ □□`Z□□a□0□□`8□0x□@□□ U□`□□P□□PD□□J□□□□ O□□□□□□□□4□□:□□□□□□□□□□□□□ □□□□□pI□@□□□□□
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1A10
    0x00000000
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1A10
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    a2 08 00 36 d7 40 ce 01
Processes Created
  • c:\Documents and Settings\test user\application data\pypuv\ysova.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://fesida.net/babl/gerlon2.bin
DNS Requests
  • fesida.net
