Troj/Agent-ADBJ

Category: Viruses and Spyware
Protection available since: 03 Aug 2013 00:11:19 (GMT)
Type: Trojan
Last updated: 03 Mar 2014 15:37:32 (GMT)
Prevalence:


Examples of Troj/Agent-ADBJ include:

Example 1

File Information

Size: 158K
SHA-1: 001c829193e084e3df9acf29e7c56794416623e2
MD5: 2e07ee83af54da33729ece5204457cb4
CRC-32: 0a54d036
File type: Windows executable
First seen: 2013-10-16

Runtime Analysis

Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0\Performance
    Object List
    4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258 4258
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion
    TrustMode
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion
    TrustMode
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    History
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
    SavedLegacySettings
    3c 00 00 00 03 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Cache4
Processes Created
  • c:\windows\system32\cmd.exe
IP Connections
  • 178.63.26.173:53
  • 4.2.2.1:53
  • 70.84.160.11:53
  • 8.8.8.8:53
  • 85.95.236.173:80
  • 94.102.51.233:80
DNS Requests
  • aol.com
  • gmail.com
  • hotmail.com
  • mail.com
  • yahoo.com

Example 2

File Information

Size: 87K
SHA-1: 0084b96c40b2eef4613a335e406397b13856f17a
MD5: bc1f4f4f462b03ce8ba157877b10c1e6
CRC-32: 878adfc8
File type: Windows executable
First seen: 2013-12-09

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\explorer.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Start WingMan Profiler
    C:\Documents and Settings\All Users\explorer.exe

Example 3

File Information

Size: 294K
SHA-1: 008a2f3bf6fcd5674c654a689abcc1b16d56b6de
MD5: 21daed8b217320c8d5ac3e00e11f1c2c
CRC-32: 9e5b0639
File type: Windows executable
First seen: 2007-08-21
