Troj/Agent-ABKQ

Category: Viruses and spyware
Protection available since: 20 May 2013 12:53:10 (GMT)
Type: Trojan
Last updated: 24 Jan 2014 16:01:26 (GMT)
Prevalence:


Troj/Agent-ABKQ exhibits the following characteristics:

File Information

Size: 1.8M
SHA-1: 6a7c182fac6ed913e54925c4f674ef50a980935b
MD5: 163fbdf7c69708dc5368ddb22ee84cd7
CRC-32: 60ce6bb0
File type: Windows executable
First seen: 2013-05-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\videxp.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\11.0\Outlook\Security
    Level1Remove
    .bat;.com;.exe;.js;.jse;.reg;.vbe;.vbs
  • HKCU\Software\Microsoft\Office\12.0\Word\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\12.0\Access\Security
    Level
    0x00000001
  • HKCU\Software\Microsoft\Office\10.0\PowerPoint\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\10.0\Access\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\10.0\Excel\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\10.0\Outlook\Security
    Level1Remove
    .bat;.com;.exe;.js;.jse;.reg;.vbe;.vbs
  • HKCU\Software\Microsoft\Office\11.0\PowerPoint\Security
    Level
    0x00000001
  • HKCU\Software\Microsoft\Office\11.0\Access\Security
    Level
    0x00000001
  • HKCU\Software\Microsoft\Office\12.0\Outlook\Security
    Level1Remove
    .bat;.com;.exe;.js;.jse;.reg;.vbe;.vbs
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\ose
    Start
    0x00000002
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    EnableLUA
    0x00000000
  • HKCU\Software\Microsoft\Office\11.0\Excel\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\12.0\PowerPoint\Security
    Level
    0x00000001
  • HKCU\Software\Microsoft\Office\10.0\Word\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\12.0\Excel\Security
    Level
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
    DisableMonitoring
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
    DisableMonitoring
    0x00000001
  • HKCU\Software\Microsoft\Office\11.0\Word\Security
    Level
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
    ServiceDll
    %SystemRoot%\System32\w32time.dll
  • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
    SpecialPollTimeRemaining
    74 69 6d 65 2e 77 69 6e 64 6f 77 73 2e 63 6f 6d 2c 37 62 34 33 62 31 36 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
    DllName
    %SystemRoot%\System32\w32time.dll
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\HTTPFilter
    Start
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    Start
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\W32Time
    Start
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
    Start
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
    MaxClockRate
    0x0001882a
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
  • HKLM\SOFTWARE\Microsoft\Security Center
    FirewallDisableNotify
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc
    Start
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\WebClient
    Start
    0x00000002
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\videxp.exe
  • c:\windows\regedit.exe
  • c:\windows\system32\cacls.exe
