Mal/Agent-AGI

Category: Viruses and Spyware
Protection available since: 14 Feb 2012 22:55:30 (GMT)
Type: Malicious behavior
Last Updated: 14 Feb 2012 22:55:30 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Agent-AGI include:

Example 1

File Information

Size: 58K
SHA-1: 2a3ad17c753cda9caa011797c8fb7e155dce13d2
MD5: 744bba85309091d73236100db7d5b0f8
CRC-32: 4beaec2c
File type: application/x-ms-dos-executable
First seen: 2011-08-10

Other vendor detection

Kaspersky: Trojan.Win32.Swisyn.cbha

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\2.tmp
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.dat
    Size: 13K
    SHA-1: 5dcc2cadb5a9d3562669e1965e62d3f94d8fe5e4
    MD5: 625e270fd14d8d97a2db119f16320971
    CRC-32: 2d81c63c
    File type: application/octet-stream
    First seen: 2012-02-14
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\clbcatq.dll
    Size: 7.5K
    SHA-1: 56493f749b512843b996b2e595c8c2d087ef1d3f
    MD5: 4b5dd7e98d14415394fb8f6118a850e9
    CRC-32: 9c6b6d10
    File type: application/x-ms-dos-executable
    First seen: 2012-02-14
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    wuauclt
    c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.exe
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\wuauclt\wuauclt.exe
DNS Requests
  • corl.adoboa.com

Example 2

File Information

Size: 22K
SHA-1: 7bf110bb440e00481824a71d8f9f4f30c4e26f3e
MD5: 1e1dbb423e6aa75567cd399de6cc36f5
CRC-32: 77af18b4
File type: application/x-ms-dos-executable
First seen: 2012-02-14

Runtime Analysis

Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\wuauclt\wuauclt.exe
HTTP Requests
  • http://140.116.86.167/1.jpg
IP Connections
  • 140.116.86.167:80

Example 3

File Information

Size: 62K
SHA-1: fbcd671691aee858f7f23cbe8d2bcc2649f1a0a3
MD5: 67ee99bcd10bf0d80f0bde07a6fcaddf
CRC-32: 74247cc5
File type: application/x-ms-dos-executable
First seen: 2011-09-29

Other vendor detection

Kaspersky: Trojan.Win32.Swisyn.bwog

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Application Data\Microsoft\2.tmp
Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.exe
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\clbcatq.dll
    Size: 7.5K
    SHA-1: dac4da22e479d8a221e5ecf7120229637fd7aea1
    MD5: 14baa706c2f0fc65164e9fcfdeb603dc
    CRC-32: 5555fad4
    File type: application/x-ms-dos-executable
    First seen: 2011-09-29
  • c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.dat
    Size: 14K
    SHA-1: f7410407a8f67e31a59960a2b2e9bd1b29ec5841
    MD5: caf811075782ce0910b28d9be9fd6c66
    CRC-32: 78345cf2
    File type: application/octet-stream
    First seen: 2011-09-29
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    wuauclt
    c:\Documents and Settings\test user\Application Data\Microsoft\wuauclt\wuauclt.exe
Processes Created
  • c:\Documents and Settings\test user\application data\microsoft\wuauclt\wuauclt.exe
HTTP Requests
  • http://groups.google.com/group/newletters/topics
DNS Requests
  • groups.google.com