Troj/Agent-XAT

Category: Viruses and Spyware
Protection available since: 17 Jul 2012 20:06:55 (GMT)
Type: Trojan
Last Updated: 17 Jul 2012 20:06:55 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-XAT include:

Example 1

File Information

Size
131K
SHA-1
89821bdf117e9b11da7a188f663f27463b10d73f
MD5
7a8a3a70bf970e5ef435f1946fd267b7
CRC-32
183d1959
File type
Windows executable
First seen
2012-07-17

Other vendor detection

Kaspersky
Trojan-Spy.Win32.Agent.caul

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\IconConfigEt.DAT
    Size
    70
    SHA-1
    e16e9233005e09b31b44c5f6788e6da882e17d34
    MD5
    802e5243da375af9e0b0b1f4d0a7efda
    CRC-32
    d904314a
    File type
    Unspecified binary - probably data
    First seen
    2012-07-17
  • c:\Documents and Settings\test user\Local Settings\Temp\IconCacheEt.dll
    Size
    62K
    SHA-1
    c91e882752e4d7d2fa2150a6938863abc55007ad
    MD5
    a5d0578c67e5180e21d6fd5ab6acb130
    CRC-32
    950b1001
    File type
    Windows executable
    First seen
    2012-05-10
  • c:\Documents and Settings\test user\Local Settings\Temp\iexplore.exe
    Size
    3.5K
    SHA-1
    023230ccf37958c45ac9472ae000808e2f3c2ffd
    MD5
    989b7c72c2d21083d543e341f7825a47
    CRC-32
    988902ee
    File type
    Windows executable
    First seen
    2012-06-18
  • c:\Documents and Settings\test user\Local Settings\Temp\win32_lnk.exe
    Size
    84K
    SHA-1
    b440eb23e09824cd2e1afb742f0aa70d08a6376a
    MD5
    23c235b989d649a01198871099047faf
    CRC-32
    37417ea4
    File type
    Windows executable
    First seen
    2012-06-17
  • c:\Documents and Settings\test user\Local Settings\Temp\IconCacheEt.DAT
    Size
    62K
    SHA-1
    c91e882752e4d7d2fa2150a6938863abc55007ad
    MD5
    a5d0578c67e5180e21d6fd5ab6acb130
    CRC-32
    950b1001
    File type
    Windows executable
    First seen
    2012-05-10
  • c:\Documents and Settings\test user\Local Settings\Temp\temp.exe
    Size
    4.0K
    SHA-1
    8a2124b96430b25ab4872f9d0e611dcd85547716
    MD5
    325a56c91d0685e3466ae7dbdfab263b
    CRC-32
    5e32e817
    File type
    Windows executable
    First seen
    2012-06-18
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\iexplore.lnk
    Size
    778
    SHA-1
    ad5dd4fe9d778750fdd475a3b852f38a34bbef53
    MD5
    85ca21e2d321acd9f9c0b3785817f4b4
    CRC-32
    28382e4e
    File type
    Windows Shortcut file (.LNK)
    First seen
    2012-07-17
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\DbxUpdateET
    Mark
    IE_0day
  • HKCU\Software\WinRAR SFX
    C%%DOCUME~1%support%LOCALS~1%Temp
    C:\DOCUME~1\support\LOCALS~1\Temp
Processes Created
  • c:\docume~1\support\locals~1\temp\temp.exe
  • c:\docume~1\support\locals~1\temp\win32_lnk.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\cscript.exe
  • c:\windows\system32\wscript.exe
IP Connections
  • 218.28.72.138:10000

Example 2

File Information

Size
62K
SHA-1
c91e882752e4d7d2fa2150a6938863abc55007ad
MD5
a5d0578c67e5180e21d6fd5ab6acb130
CRC-32
950b1001
File type
Windows executable
First seen
2012-05-10

Other vendor detection

Kaspersky
Trojan-Spy.Win32.Agent.caul

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\DbxUpdateET
    Mark
    NULL