Troj/Agent-UDF

Category: Viruses and Spyware
Type: Trojan
Protection available since: 23 Nov 2011 22:51:42 (GMT)
Last Updated: 23 Nov 2011 22:51:42 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-UDF include:

Example 1

File Information

Size: 542K
SHA-1: 54dd9440eab44899139840839b19706196b2a34d
MD5: 170f0589b16a54488a46d6c1b74a0eff
CRC-32: 89712e50
File type: application/x-ms-dos-executable
First seen: 2011-11-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\System\Services\msconfig.exe
  • c:\Documents and Settings\test user\Application Data\bot.exe
  • c:\Documents and Settings\test user\Application Data\Keylog
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
    Google Update
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\Documents and Settings\test user\Application Data\bot.exe
    c:\Documents and Settings\test user\Application Data\bot.exe:*:Enabled:Windows Messanger
  • HKCU\Software\Microsoft\Active Setup\Installed Components\{A843B8CA-A6EF-EC10-CB1F-BE17EFE43D99}
    StubPath
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    BHDM0O3VNC
    ScripT
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A843B8CA-A6EF-EC10-CB1F-BE17EFE43D99}
    StubPath
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Google Update
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msconfig
    c:\Documents and Settings\test user\Application Data\Microsoft\System\Services\msconfig.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1scriptblackshades.no-ip.org
  • 2scriptblackshades.no-ip.org
  • scriptblackshades.no-ip.org

Example 2

File Information

Size: 542K
SHA-1: ca922cf72b6573ee3983f2957fe3bacb562eaaa6
MD5: c0b14b12fd0b82b8cabae46637eb5536
CRC-32: 85e1ac76
File type: application/x-ms-dos-executable
First seen: 2011-11-22

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Microsoft\System\Services\msconfig.exe
  • c:\Documents and Settings\test user\Application Data\bot.exe
  • c:\Documents and Settings\test user\Application Data\Keylog
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msconfig
    c:\Documents and Settings\test user\Application Data\Microsoft\System\Services\msconfig.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Google Update
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
    Google Update
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    c:\test_item.exe
    c:\test_item.exe:*:Enabled:Windows Messanger
  • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A843B8CA-A6EF-EC10-CB1F-BE17EFE43D99}
    StubPath
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKCU\Software\Microsoft\Active Setup\Installed Components\{A843B8CA-A6EF-EC10-CB1F-BE17EFE43D99}
    StubPath
    c:\Documents and Settings\test user\Application Data\bot.exe
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    DoNotAllowExceptions
    0x00000000
  • HKCU\Software\VB and VBA Program Settings\SrvID\ID
    BHDM0O3VNC
    ScripT
Processes Created
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe
DNS Requests
  • 1scriptblackshades.no-ip.org
  • 2scriptblackshades.no-ip.org
  • scriptblackshades.no-ip.org