Troj/Agent-RDY exhibits the following characteristics:
File Information
- Size: 201K
- SHA-1: 4faa2fc090d088f3ca862286981a25f3cc8269cb
- MD5: 97b624253c97d07670b2ab349480e3ba
- CRC-32: 0d0f7ed2
- File type: application/x-ms-dos-executable
- First seen: 2011-02-21
Other vendor detection
- Avira: TR/Dropper.Gen
- Kaspersky: Backdoor.Win32.VB.lti
Runtime Analysis
Copies Itself To
- c:\Documents and Settings\test user\Local Settings\Temp\dmiy.exe
Dropped Files
- C:\WINDOWS\system32\drivers\etc\hosts
- C:\WINDOWS\system32\vs6vo.log
- c:\Documents and Settings\test user\Local Settings\Temp\~DFD359.tmp
Modified Files
- %SYSTEM%\drivers\etc\hosts
Registry Keys Created
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  - iktc = C:\DOCUME~1\support\LOCALS~1\Temp\dmiy.exe
Registry Keys Modified
- HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
  - Start = 0x00000004
Processes Created
- c:\docume~1\support\locals~1\temp\dmiy.exe
- c:\windows\system32\cmd.exe
- c:\windows\system32\net.exe
- c:\windows\system32\net1.exe
- c:\windows\system32\sc.exe
DNS Requests