Troj/Agent-ACWD

Category: Viruses and Spyware
Protection available since: 24 Jul 2013 11:42:17 (GMT)
Type: Trojan
Last updated: 24 Jul 2013 11:42:17 (GMT)
Prevalence:

Troj/Agent-ACWD exhibits the following characteristics:

File Information

Size: 174K
SHA-1: ce578d2163c518405d889280448b6cdcaf6336f4
MD5: 19463acf44152c69b25bed7faa010012
CRC-32: 387aa3ed
File type: Windows executable
First seen: 2013-07-24

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\test_item.exe
Dropped Files
  • C:\bin\automate-screencap.pl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\cmdmm.ide_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\hipsrules-9-7-7b.bdl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\compile_check.pl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\rm_disk.tc_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\ar1takebase.bat_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\configure.bat_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\hipsrules-9-7-7.bdl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\cmd.exe.lnk_ADS_AlternateDataStream_Found_zone.identifier
  • C:\autoexec.bat_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\amc1.txt_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\info.txt_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\changelog.txt_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\postrun.vbs_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\configure_machine_xml.pl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\dnet_trace.wds_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\replace_sav_hips_bdl_with_custom_bdl.pl_ADS_AlternateDataStream_Found_zone.identifier
  • C:\bin\rm_disk_mount.bat_ADS_AlternateDataStream_Found_zone.identifier
  • C:\files.bat_ADS_AlternateDataStream_Found_zone.identifier
  • C:\config.sys_ADS_AlternateDataStream_Found_zone.identifier
  • C:\kmdhips.txt_ADS_AlternateDataStream_Found_zone.identifier
  • C:\md5_of_c_drive.txt_ADS_AlternateDataStream_Found_zone.identifier
  • C:\files.txt_ADS_AlternateDataStream_Found_zone.identifier
Modified Files
  • C:\files.bat
  • C:\bin\rm_disk_mount.bat
  • C:\bin\SLext32.dll
  • C:\rm_disk.tc
  • C:\md5_of_C_drive.txt
  • C:\bin\dnet_trace.wds
  • C:\AUTOEXEC.BAT
  • C:\bin\HIPSRules-9-7-7b.bdl
  • C:\bin\SLext32-dotnet-trace.bat
  • C:\bin\ar1takeBase.bat
  • C:\bin\cmdmm.ide
  • C:\bin\changelog.txt
  • C:\CONFIG.SYS
  • C:\bin\configure_machine_xml.pl
  • C:\files.txt
  • C:\bin\SLext32-sample.ini
  • C:\bin\configure.bat
  • C:\bin\cmd.exe.lnk
  • C:\bin\info.txt
  • C:\bin\compile_check.pl
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    explorer, c:\Documents and Settings\test user\Application Data\test_item.exe
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\wscript.exe
DNS Requests
  • willgeorge86.no-ip.org
