Troj/Agent-RVA exhibits the following characteristics:
File Information
- Size: 133K
- SHA-1: f30282b4c723ade45f85539b594469fb1c0cb76b
- MD5: 052f56932664584991164d9c173d3a76
- CRC-32: 489dc631
- File type: application/x-ms-dos-executable
- First seen: 2011-06-08
Runtime Analysis
Dropped Files
- c:\Documents and Settings\test user\Application Data\Yrbol\igewi.exe
  - Size: 133K
  - SHA-1: 704c7be8e2ddb473ff92ddcbe85de418f1c7c4f4
  - MD5: 0db36ba9a8866f109c16eb2192c30c96
  - CRC-32: 4ef3beb2
  - File type: application/x-ms-dos-executable
  - First seen: 2011-06-08
Registry Keys Created
- HKCU\Software\Microsoft\Unyren
  - Cehauddae: 79 36 c9 c3 da a9 0b 76 01 19 4c ee 1f 3e 56 9e 2c 88 ee a7 48 3c 75 76 a7 c8 91 b3 88 32 73 f2 8a ad 83 b4 14 42 9c ff 82 1e 59 fb 78 2d 0e 0d e9 a4 84 1e 44 27 48 ca 92 69 b4 47 01 ee cf 03 d2 05 de 98 fb 0a 05 eb 55 1b f8 a1 ac de 6a c1 a3 53 fe c2 b2 cf 56 14 bc cb 50 1d 77 d2 bf b6 1f b0 d4 2d c0 ea 53 b8 cd 17 64 59 c9 82 54 14 20 c9 38 c8
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  - {FC4ABCDB-727D-9202-74E6-984FBFCA238A}: "c:\Documents and Settings\test user\Application Data\Yrbol\igewi.exe"
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
  - Name: igewi.exe
Registry Keys Modified
- HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
  - ID: 0x413eee01
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  - 1406: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  - 1609: 0x00000000
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  - 1406: 0x00000000
Processes Created
- c:\documents and settings\support\application data\yrbol\igewi.exe
- c:\windows\system32\cmd.exe
HTTP Requests
- http://workengines.co.cc/ext/profi.bin
- http://www.google.com/webhp
DNS Requests
- workengines.co.cc
- www.google.com