Troj/Agent-ULS

Category: Viruses and SpywareProtection available since:03 Jan 2012 11:57:32 (GMT)
Type: TrojanLast Updated:03 Jan 2012 11:57:32 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-ULS exhibits the following characteristics:

File Information

Size
101K
SHA-1
a76ba1af0368e112e75d75685d0a240116455e1e
MD5
b65bb482a940ab00705271151ee88d85
CRC-32
cca7fd34
File type
application/x-ms-dos-executable
First seen
2012-01-03

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\winlogin.exe
  • C:\WINDOWS\winrun.exe
Dropped Files
  • C:\WINDOWS\system32\drivers\etc\hosts
    Size
    342
    SHA-1
    88a9692aa977c36b9c4d11177131a7e008f9dbba
    MD5
    4310b611dd6c84822e1e1c0fdd86294f
    CRC-32
    d846c4e9
    File type
    text/html
    First seen
    2011-12-28
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF9DD3.tmp
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load
    C:\WINDOWS\winrun.exe
HTTP Requests
  • http://www.musictopia.es/galeria/content/blogspotinteligente
DNS Requests
  • www.musictopia.es