MalAgent.J_72964 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.
Mutexes created
Directory level activity
File level activity
Registry level activity
Library level activity- load - library - C:\WINDOWS\system32\rpcss.dll
- load - library - C:\WINDOWS\system32\uxtheme.dll
- load - library - uxtheme.dll
- load - library - OLEAUT32.DLL
- load - library - oleaut32.dll
- load - library - ole32.dll
- load - library - SXS.DLL
- load - library - USER32
- load - library - C:\WINDOWS\system32\kernel32.dll
- load - library - kernel32
- load - library - user32
- load - library - ntdll
- load - library - shell32
- load - library - advapi32
- load - library - advapi32
Process API calls used
- ZwMapViewOfSection
- VirtualProtectEx
- NtCreateSection
- NtFreeVirtualMemory
- NtProtectVirtualMemory
Registry API calls used
- NtOpenKey
- NtQueryValueKey
- RegOpenKeyExA
- RegOpenKeyExW
- RegOpenKeyExW
System API calls used
- LdrGetDllHandle
- LdrLoadDll
- IsDebuggerPresent
- LdrGetProcedureAddress
- SetWindowsHookExA
- LdrGetProcedureAddress
Filesystem API calls used
- NtCreateFile
- NtQueryInformationFile
- NtSetInformationFile
- NtQueryInformationFile
Network
UDP source >> destination - 192.168.30.254 >> 192.168.30.8
- 192.168.30.8 >> 192.168.30.255
TCP source >> destination - 192.168.30.8 >> 192.168.30.254
Domains: DNS Request: HTTP Request: DLL related data Number of DLL's imported = 1
|