Troj/Agent-RVA

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports
Protection available since: 08 Jun 2011 05:56:24 (GMT)
Last Updated: 08 Jun 2011 05:56:24 (GMT)


Troj/Agent-RVA exhibits the following characteristics:

File Information

Size: 133K
SHA-1: f30282b4c723ade45f85539b594469fb1c0cb76b
MD5: 052f56932664584991164d9c173d3a76
CRC-32: 489dc631
File type: application/x-ms-dos-executable
First seen: 2011-06-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Yrbol\igewi.exe
    Size: 133K
    SHA-1: 704c7be8e2ddb473ff92ddcbe85de418f1c7c4f4
    MD5: 0db36ba9a8866f109c16eb2192c30c96
    CRC-32: 4ef3beb2
    File type: application/x-ms-dos-executable
    First seen: 2011-06-08
Registry Keys Created
  • HKCU\Software\Microsoft\Unyren
    Cehauddae = 79 36 c9 c3 da a9 0b 76 01 19 4c ee 1f 3e 56 9e 2c 88 ee a7 48 3c 75 76 a7 c8 91 b3 88 32 73 f2 8a ad 83 b4 14 42 9c ff 82 1e 59 fb 78 2d 0e 0d e9 a4 84 1e 44 27 48 ca 92 69 b4 47 01 ee cf 03 d2 05 de 98 fb 0a 05 eb 55 1b f8 a1 ac de 6a c1 a3 53 fe c2 b2 cf 56 14 bc cb 50 1d 77 d2 bf b6 1f b0 d4 2d c0 ea 53 b8 cd 17 64 59 c9 82 54 14 20 c9 38 c8
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    {FC4ABCDB-727D-9202-74E6-984FBFCA238A} = "c:\Documents and Settings\test user\Application Data\Yrbol\igewi.exe"
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    Name = igewi.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    ID = 0x413eee01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1406 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609 = 0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1406 = 0x00000000
Processes Created
  • c:\documents and settings\support\application data\yrbol\igewi.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://workengines.co.cc/ext/profi.bin
  • http://www.google.com/webhp
DNS Requests
  • workengines.co.cc
  • www.google.com