English
Deutsch
Français
Español
Italiano
Home
Virus Info
DR/Agent.24576.D
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
TechBlog
DR/Agent.24576.D - Dropper
See also
Summary
Full description
Statistics
How would you rate this information?
Worthless
Excellent
Virus:
DR/Agent.24576.D
Date discovered:
14/07/2009
Type:
Dropper
In the wild:
Yes
Reported Infections:
Low
Distribution Potential:
Low
Damage Potential:
Low
Static file:
Yes
File size:
160.768 Bytes
MD5 checksum:
816852a7b5f831e6f2c517e4adab4c8b
VDF version:
7.01.04.229
- Wed, 15 Jul 2009 10:17 (GMT+1)
General
Method of propagation:
• No own spreading routine
Aliases:
• Kaspersky: Trojan.Win32.FraudPack.pnd
• Eset: Win32/Agent.PTU
Platform / OS:
• Windows 2000
• Windows XP
Files
The following file is created:
–
%WINDIR%
\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job File is a scheduled task that runs the malware at predefined times. Detected as: DR/Agent.24576.D
Registry
One of the following values is added in order to run the process after reboot:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• "Cognac"="%executedir%\%filename%"
The following registry key is added:
– [HKCU\Software\Cognac]
• "s00000002"="xC7aKZ+O6wyPlq1krRM4sG7m2LFGsYtHjHOagBf10Uk/n4gL8s8xs9LeD5KQVh3/j+XFFlHTwF6UUl4+Okpef3si9NAD"
• "s00000000"="tSLPLpWL7R22spR48AI743bz2Kge8sEVwV+urCGnghdg18Eo9NMs8sbCQvO2E1u+0quRUXD4ug6/bjAxfhYCb0UfzdlfROGiR3tfoylOcLHAH7yCiaBvnRZU43lFwg68rbA4VH7otTRUnUsktecNSQn93wDFIJBfAX62KOJrH23WF92s8q2F8M80+JJig46X"
• "s00000001"="tSbFNJuL/h22spR48AI743bz2Kge8sEVwV+urCH4hQZ8wYY/9Mx6vsrfS7m2BQah1q7ZF2rk+EDaFAUifhYCbyBhsJUQGaLyTGBKui0aPLfAWqyJkrkwxVYJ925YxUWvsalrFSb3uGQ48Cdq7vYOGk77zgOQY8pPDX2obvttCiPXAcCt48LgvoQy5Y8qmoHZVCchY7PquLAM5rjqerKPIIOxpOYv0J3hxhQu1IIs1QfpR9uRcSSKnL0r1Tn+CHuGMGlMcnSb21WbJh41qJTeBa7Cg5sIbXgnyb1RJAxt+XV3hlpm5lLLv2UJvMh3yCDY4DF6+0AmNex2rlpZ7c0Fn3WM9K46VTgGGadaGh1hUMgr"
• "d00000004"=dword:00015180
• "d00000005"=dword:00000002
• "d00000002"=dword:01ca048e
• "d00000003"=dword:30c2cb60
• "d00000006"=dword:00000001
• "d00000000"=dword:01ca03c7
• "d00000001"=dword:2053ab90
Backdoor
Contact server:
All of the following:
• http://imagesrepository.com/**************
• http://delphiner.com/***********
This is done via the HTTP POST method using a PHP script.
See a brief description
here
.
Description inserted by Mihai Dilimot on Fri, 17 Jul 2009 08:18 (GMT+1)
Description updated by Mihai Dilimot on Fri, 17 Jul 2009 13:37 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
TR/Crypt.XPACK.Gen
HEUR/HTML.Malware
HTML/Infected.WebPage.Gen
ADSPY/AdSpy.Gen
HTML/Crypted.Gen
W32/Induc.Gen
TR/ATRAPS.Gen2
TR/Click.Yabector.8857.2
TR/PSW.Magania.auv
TR/Dldr.Bredolab.AX
Get comfortable up to the minute info from Avira as
Detects and removes distinct malware and its variants.
Download here
Click
here
to get the panel...
© 2009 Avira GmbH
Copyright
|
Privacy
|
Sitemap
|
Feedback
|
Imprint
|
FAQ
|
Contact
Virus Info DR/Agent.24576.D
Print this page
.gif)
