Troj/Agent-UYB

Category: Viruses and Spyware
Protection available since: 27 Feb 2012 06:41:29 (GMT)
Type: Trojan
Last Updated: 27 Feb 2012 06:41:29 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-UYB include:

Example 1

File Information

Size: 88K
SHA-1: 007ac873b7ee6bf67c864934c74c8ad085e56fe0
MD5: d3450eeeddbbc2b155a99cafba7575f9
CRC-32: e8e1258c
File type: application/x-ms-dos-executable
First seen: 2012-02-14

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic
Trend: TROJ_ADIZ.C

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\inetserv.exe
    Size: 88K
    SHA-1: 3997eed3dbefa35c336cfe1810e97249ea2201eb
    MD5: 4a98c1885bb0ecbf76fa5b7a9d4447de
    CRC-32: 340a29a2
    File type: application/x-ms-dos-executable
    First seen: 2012-02-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    inetserv
    C:\WINDOWS\system32\inetserv.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inetserv.exe,
HTTP Requests
DNS Requests

Example 2

File Information

File type: application/x-ms-dos-executable

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic
Trend: TROJ_ADIZ.C

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\inetserv.exe
    Size: 88K
    SHA-1: c24e3df948be8d73bbce8dacf44678e2a0339c9c
    MD5: deedad9940f11cdabf611b23e2f2a2a6
    CRC-32: 9c67e2d4
    File type: application/x-ms-dos-executable
    First seen: 2012-02-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    inetserv
    C:\WINDOWS\system32\inetserv.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inetserv.exe,
HTTP Requests
  • http://mjewmjiwmtia.com/peer
  • http://mjiwmjiwmtia.com/peer
  • http://mjmwmjiwmtia.com/peer
  • http://mjqwmjiwmtia.com/peer
DNS Requests
  • mjewmjiwmtia.com
  • mjiwmjiwmtia.com
  • mjmwmjiwmtia.com
  • mjqwmjiwmtia.com

Example 3

File Information

Size: 88K
SHA-1: 0272df09081ad979940af8a10cc4fda7f86d4cd6
MD5: 6f8495f6118f6a75c4f693be5ed780e2
CRC-32: caf6b62c
File type: application/x-ms-dos-executable
First seen: 2012-02-05

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic
Trend: TROJ_ADIZ.C

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system32\inetserv.exe
    Size: 88K
    SHA-1: d9ddb99e19ca3151b9af91f80fa8910fb1233752
    MD5: fbf377c6ab6e30103a150ec9c8dde637
    CRC-32: 565f7597
    File type: application/x-ms-dos-executable
    First seen: 2012-02-24
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    inetserv
    C:\WINDOWS\system32\inetserv.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit
    C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\inetserv.exe,
HTTP Requests
DNS Requests