Virus: TR/Spy.Soael
Date discovered: 16/03/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 22.016 Bytes
MD5 checksum: 9f3b8a96312fa228d6f731087132000E
VDF version: 6.34.00.56

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Agent.pu
   •  TrendMicro: TROJ_NOTIFIER.O
   •  Bitdefender: Trojan.Agent.PU

It was previously detected as:
   •  BDS/Soael.B


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Steals information

Registry
The following registry keys are added:

– [HKLM\SOFTWARE\Enhancedd]
   • %random character string%%four-digit random character string% = %random character string%%four-digit random character string%

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   • msp.cpl = {E21B5E20-DE35-11CF-9C87-157900512701}

– [HKCR\CLSID\{E21B5E20-DE35-11CF-9C87-157900512701}]
– [HKCR\CLSID\{E21B5E20-DE35-11CF-9C87-157900512701}\InProcServer32]
   • @ = %executed file%

Backdoor
Contact server:
All of the following:
   • 24.32.90.236
   • 80.5.138.246
   • 80.235.98.19
   • 80.55.84.134
   • 82.144.224.234



Sends information about:
    • Current malware status

File details
Programming language:
The malware program was written in Delphi.

Description inserted by Andrei Gherman on Monday, March 20, 2006
Description updated by Andrei Gherman on Monday, March 20, 2006
