Troj/Agent-AGRM

Category: Viruses and Spyware | Protection available since: 09 Apr 2014 16:10:27 (GMT)
Type: Trojan | Last updated: 09 Apr 2014 16:10:27 (GMT)
Prevalence:

Troj/Agent-AGRM exhibits the following characteristics:

File Information

Size: 54K
SHA-1: 0fa62fdbdeba8f12c039c24b609ef1ab45c92a5a
MD5: 453611e3df67f637ed7fbb234433352b
CRC-32: 67f75dac
File type: Windows executable
First seen: 2014-04-09

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\zoar.ipi
    Size: 477
    SHA-1: 5b1956151b52a878eb4393ce571244d7ca484b18
    MD5: 6f1c10ce2e6dbf53a6b26aeb6351c9ac
    CRC-32: 0c19331c
    File type: Unspecified binary - probably data
    First seen: 2014-04-09
  • c:\Documents and Settings\test user\Local Settings\Temp\LSRDAC6.bat
    Size: 158
    SHA-1: cdfe14ef30fc3c37c278b39cfe8cb806fcae5a57
    MD5: 2ecf14d95e6df893fb2d833af9bedd42
    CRC-32: 12cc90b3
    File type: ASCII text / 8-bit Unicode Transformation Format
    First seen: 2014-04-09
Registry Keys Created
  • HKCU\Software\Microsoft\Tigyokytxyoq
    1fh1ig1j
    (binary data, not printable)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Xedi
    "c:\Documents and Settings\test user\Local Settings\Temp\Usvuuk\xedi.exe"
  • HKCU\Identities
    Identity Login
    0x00098053
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPI
    Tag
    0x00000002
  • HKLM\SYSTEM\CurrentControlSet\Services\PCI
    Tag
    0x00000003
  • HKLM\SYSTEM\CurrentControlSet\Services\isapnp
    Tag
    0x00000004
  • HKLM\SYSTEM\CurrentControlSet\Services\ACPIEC
    Tag
    0x00000006
Processes Created
  • c:\Documents and Settings\test user\local settings\temp\usvuuk\xedi.exe
  • c:\docume~1\support\locals~1\temp\mss7.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
IP Connections
DNS Requests