Virus: TR/Click.Agent.HZ.13
Date discovered: 12/10/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 62.464 Bytes
MD5 checksum: 6921b103fe0C515e1b8853e3afb5fab4
VDF version: 6.36.00.95
IVDF version: 6.36.00.111 - Monday, October 16, 2006

General

Aliases:
   •  Kaspersky: Trojan-Clicker.Win32.Agent.hz
   •  Sophos: Troj/Agent-DMT
   •  Bitdefender: Trojan.Clicker.Agent.HZ


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP


Side effects:
   • Drops a malicious file

Files

The following files are created:

   • %malware execution directory%\%random character string%.dll
     This file is executed after it has been fully created. Further investigation showed that this file is malware as well. Detected as: TR/Click.Agent.HZ.16

   • %malware execution directory%\del.bat
     This file is executed after it has been fully created. This batch file is used to delete a file.

File details

Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Bogdan Iliuta on Monday, December 4, 2006
Description updated by Bogdan Iliuta on Monday, December 4, 2006
