Virus: EXP/Shellcode.B.161
Date discovered: 15/05/2011
Type: Trojan
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 228.352 Bytes
MD5 checksum: 650eeedd58c78715d1cfda3d11c09bb0
VDF version: 7.11.08.22 - Sunday, May 15, 2011
IVDF version: 7.11.08.22 - Sunday, May 15, 2011

General

Aliases:
   •  F-Secure: Backdoor:W32/Agent.DQJS
   •  DrWeb: Trojan.Siggen2.5874


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Miscellaneous

Furthermore it contains the following strings:
   • SeLoadDriverPrivilege
   • MPSVC.exe
   • MPMon.exe
   • MPSVC1.exe
   • MPSVC2.exe
   • RavMonD.exe
   • 360tray.exe
   • MPSVC.exe
   • Explorer.exe
   • KSafeTray.exe
   • RsAgent.exe
   • 127.0.0.1 localhost
   • %s\drivers\etc\hosts
   • http://%s:%d/%s?%s
   • ver=%s&tgid=%s&address=%s
   • %s&#s=%s&alexa=0&List=NULL
   • %sautorun.inf

File details

Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection more difficult and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Petre Galan on Friday, June 10, 2011
Description updated by Andrei Ivanes on Friday, June 17, 2011
