Virus: TR/Click.Agent.JH.4
Date discovered: 12/04/2007
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 37.384 Bytes
MD5 checksum: 8f848b92711a0de1253163e15063be6e
VDF version: 6.38.00.206
IVDF version: 6.38.00.210 - Thursday, April 12, 2007

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Clicker.Win32.Agent.jh
   •  F-Secure: Trojan-Clicker.Win32.Agent.jh


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows 2003


Side effects:
   • Drops a file
   • Steals information
   • Third party control

Files

The following file is created:

– Non-malicious file:
   • %TEMPDIR%\abc123.pid

Backdoor

Contact server:
The following:
   • http://216.95.196.22/**********

As a result, it may send information, and remote control could be provided. This is done via an HTTP GET request to a PHP script.

File details

Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection harder and reduce the size of the file, it is packed with the following runtime packer:
   • UPX


Compilation date:
Date: 11/04/2007
Time: 11:36:56

Description inserted by Andrei Ivanes on Monday, April 30, 2007
