Examples of Troj/Agent-ALHF include:
Example 1
File Information
- Size
- 92K
- SHA-1
- 1864a6f7b164855cc33f9b925c7c204c8000b3c5
- MD5
- 15a92cdd276474c65fd7fcf07d099d59
- CRC-32
- 5f7c6e57
- File type
- Windows executable
- First seen
- 2015-01-22
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Application Data\Regcpl\cachedocvw.exe
Dropped Files
- C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_26c19984-2a01-45b5-a7b3-a568af60c200
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Msadv
- c:\Documents and Settings\test user\Application Data\Regcpl\cachedocvw.exe
Processes Created
- c:\Documents and Settings\test user\application data\regcpl\cachedocvw.exe
DNS Requests
Example 2
File Information
- Size
- 92K
- SHA-1
- c4d9ea0771fd391f395c86c65a615cf3ee5bc4d8
- MD5
- 450f8b3a445b55fdf93910859913bb7b
- CRC-32
- 142c98d9
- File type
- Windows executable
- First seen
- 2015-01-21
Runtime Analysis
Registry Keys Created
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Msadv
- c:\Documents and Settings\test user\Application Data\Regcpl\cachedocvw.exe
Processes Created
- c:\Documents and Settings\test user\application data\regcpl\cachedocvw.exe
DNS Requests
Example 3
File Information
- Size
- 92K
- SHA-1
- d216b68e29be2c6b4a3b1b55ed92a78bc1705d3d
- MD5
- 24e01c73a092eb97a83ebc14de7a8d76
- CRC-32
- f3d9fdcd
- File type
- Windows executable
- First seen
- 2015-01-20
Runtime Analysis
Processes Created
- c:\Documents and Settings\test user\application data\regcpl\cachedocvw.exe
IP Connections