Troj/Agent-XNE

Category: Viruses and Spyware
Protection available since: 17 Aug 2012 16:07:02 (GMT)
Type: Trojan
Last Updated: 28 Aug 2012 06:18:19 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Agent-XNE include:

Example 1

File Information

Size: 10K
SHA-1: 1d58eda6ede10897b8a089468bb99ebfd545305d
MD5: 9ab23eef0e1148d7fe53b8d049f894d1
CRC-32: 0065bd71
File type: Windows executable
First seen: 2012-08-17

Example 2

File Information

Size: 17K
SHA-1: 2f695367e5a694681c33f3840c11815230306c03
MD5: 4a55bf1448262bf71707eef7fc168f7d
CRC-32: 2581fbc6
File type: Windows executable
First seen: 2007-06-02

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\108718.dat
Modified Files
  • %SYSTEM%\mspmsnsv.dll
    • Changed the file contents
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Enum
    NextInstance
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSN
    Start
    0x00000002
Processes Created
  • c:\windows\system32\svchost.exe
DNS Requests
  • hello.icon.pk

Example 3

File Information

Size: 17K
SHA-1: 86213a676a2cf7466c27bd78ba14000d2089bf76
MD5: e3766d35b53a53a4f35f09cf66b90377
CRC-32: f337fb93
File type: Windows executable
First seen: 2012-08-21

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\108765.dat
Modified Files
  • %SYSTEM%\mspmsnsv.dll
    • Changed the file contents
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSN\Enum
    NextInstance
    0x00000001
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\WmdmPmSN
    Start
    0x00000002
Processes Created
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://-*lZ\x95\x92\xcdZ>\xb1\x07/\xc2L\x86Tm\x84j\xb2m\xccv\xe6\xac:\xdaz\xbb>\xa2\xd6k/5\x89!\x1c<t)\x96\xcc\xbf3d\xbe\x9f\x90
DNS Requests
  • admin.fcph.org
