F-Secure Malware Information Pages: Trojan:W32/Agent.EDY

Summary
Trojan:W32/Agent.EDY is a standalone trojan dropper.
It drops two EXE files on the computer.

Detailed Description
Trojan:W32/Agent.EDY is the detection name for a trojan dropper that is packed with a modified version of the UPX file compressor.
It drops two EXE files to the user's computer.
The first file, named Regscan.exe, is dropped to the following location:
- C:\windows\system32\regscan.exe
SHA1: 28c80315dfa691f1fb0b5b5cf3a253e416541f53
It also drops a 3Kb-sized file, named the same as the sample itself, to:
- C:\Documents and Settings\[UserName]\Local Settings\Temp\

Registry Changes
Launch point:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Regscan
It adds these values to the registry:
- HKCU\Software\Microsoft\Internet Explorer\Settings\GID
- HKCU\Software\Microsoft\Internet Explorer\Settings\GatesList
- HKCU\Software\Microsoft\Internet Explorer\Settings\KeyE
- HKCU\Software\Microsoft\Internet Explorer\Settings\KeyM
Regscan.exe posts a file called bang.cgi to various IP addresses.
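
The file and registry indicators above can be checked on a host with a short PowerShell script. This is an added example, not F-Secure's own tooling; it assumes the last element of each registry path is a value name, and it also looks in SysWOW64 and in every loaded user hive, which the description does not mention.

```powershell
# Added example: checks a host for the Agent.EDY indicators listed in the description.
# Assumption: the final element of each registry path is a value name under its parent key.
$knownSha1 = '28c80315dfa691f1fb0b5b5cf3a253e416541f53'
$runValue  = 'Regscan'
$ieValues  = 'GID', 'GatesList', 'KeyE', 'KeyM'
$findings  = New-Object System.Collections.Generic.List[string]

# Dropped file. SysWOW64 is also checked because 32-bit writes to system32
# are redirected there on 64-bit Windows.
foreach ($dir in 'System32', 'SysWOW64') {
    $file = Join-Path $env:SystemRoot "$dir\regscan.exe"
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $sha1  = (Get-FileHash -LiteralPath $file -Algorithm SHA1).Hash.ToLowerInvariant()
        $match = if ($sha1 -eq $knownSha1) { 'SHA1 matches description' } else { "SHA1 differs: $sha1" }
        $findings.Add("File present: $file ($match)")
    }
}

# Returns the value names of a registry key, or nothing if the key is missing.
function Get-ValueNames([string]$KeyPath) {
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() }
}

# HKCU is per user, so walk every loaded user hive under HKEY_USERS.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $hives) {
    $root = "Registry::HKEY_USERS\$($hive.PSChildName)"
    $run  = Get-ValueNames "$root\Software\Microsoft\Windows\CurrentVersion\Run"
    if ($run -contains $runValue) {
        $findings.Add("Run value '$runValue' in hive $($hive.PSChildName)")
    }
    $ie = Get-ValueNames "$root\Software\Microsoft\Internet Explorer\Settings"
    foreach ($name in $ieValues) {
        if ($ie -contains $name) {
            $findings.Add("IE Settings value '$name' in hive $($hive.PSChildName)")
        }
    }
}

if ($findings.Count -eq 0) { 'No Agent.EDY indicators found.' } else { $findings }
```

The copy dropped in the Temp folder is not checked because its name depends on the sample's own file name. Hives of users who are not logged on are not loaded under HKEY_USERS and are not covered.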

Detection
F-Secure Anti-Virus detects this malware with the following updates: [FSAV_Database_Version] Version = 2008-01-14_02.

F-Secure Corporation
Last Modified: January 14, 2008