Troj/Agent-AKCM

Category: Viruses and Spyware
Protection available since: 17 Nov 2014 17:19:52 (GMT)
Type: Trojan
Last Updated: 17 Nov 2014 17:19:52 (GMT)
Prevalence: Small Number of Reports


Troj/Agent-AKCM exhibits the following characteristics:

File Information

Size: 348K
SHA-1: de7ced27456a1e4581d6a4bf126f56061b7f9859
MD5: 5fab6fbdff1a72cd5eafdd27b5ee11a9
CRC-32: 068eb6e2
File type: Windows executable
First seen: 2014-11-14

Other vendor detection

Avira: TR/Crypt.Xpack.101967

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\test_item.exe
Dropped Files
Registry Keys Modified
  • HKCU\Control Panel\Desktop
    Wallpaper
    c:\Documents and Settings\test user\Application Data\bytor.bmp
Processes Created
  • c:\windows\system32\cmd.exe
DNS Requests
  • www.fuck-isil.com