Virus: TR/Spy.Agent.aam.1
Date discovered: 13/08/2010
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 48.128 Bytes
MD5 checksum: d997580B3aacf547dc60b3659173958f
IVDF version: 7.10.10.154 - Thursday, August 12, 2010

General
Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 98
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Third party control
   • Registry modification
   • Steals information

Registry
The following registry keys are added:

– [HKCU\%CLSID%
– [HKCU\Software\AppDataLow]
– [HKCU\SOFTWARE\AppDataLow\%CLSID%]
   • "k1"=dword:dd6b012f
   • "k2"=dword:42800909
   • "Version"=dword:00000c0c

Backdoor
Sends information about:
    • Capture screen


Remote control capabilities:
    • Restart system

File details
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.

Description inserted by Carlos Valero Llabata on Friday, August 13, 2010
Description updated by Carlos Valero Llabata on Friday, August 13, 2010
