Troj/Agent-REO

Category: Viruses and SpywareProtection available since:15 Apr 2011 18:45:38 (GMT)
Type: TrojanLast Updated:25 May 2011 00:56:37 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Agent-REO include:

Example 1

File Information

Size
46K
SHA-1
41115037f1b4d6a18138e9915978d68e4c985082
MD5
69ab39dcf975e2ae95846693bc72ff63
CRC-32
677e205e
File type
application/x-ms-dos-executable
First seen
2011-04-12

Other vendor detection

Avira
TR/Dropper.Gen
Kaspersky
Backdoor.Win32.VB.nmc
Trend
PAK_Generic.001

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\g9wsxg.exe
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    d5jx
    C:\DOCUME~1\support\LOCALS~1\Temp\g9wsxg.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
Processes Created
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\sc.exe

Example 2

File Information

Size
149K
SHA-1
cd8188b1e8d241c2f24271e152a4d35cfb3d7105
MD5
12791c74b10c8b4ce256b4a56f31056c
CRC-32
e0e21b58
File type
application/x-ms-dos-executable
First seen
2011-04-15

Example 3

File Information

Size
63
SHA-1
232c2bca0be7513cb8aee5c51b57701bf5ff7ad3
MD5
adda584d35c7fefc316ad40477ebd3ab
CRC-32
c99fbf88
File type
application/octet-stream
First seen
2011-04-15