SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  MalAgent.J_68533
MalAgent.J_68533 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • Nothing to report


Directory level activity
  • create - dir - C:\Documents
  • create - dir - and
  • create - dir - Settings\TestMachine\Application
  • create - dir - C:\DOCUME~1
  • create - dir - C:\DOCUME~1\TestMachine
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Settings
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Settings\TestMachine
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Settings\TestMachine\Application
  • create - dir - Data\Windows
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Data
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Data\Windows
  • create - dir - Data\Windows


File level activity
    • Nothing to report


    Registry level activity
      • Nothing to report


      Library level activity
      • load - library - kernel32.dll
      • load - library - C:\WINDOWS\system32\advapi32.dll
      • load - library - C:\WINDOWS\system32\ntdll.dll
      • load - library - C:\WINDOWS\system32\winmm.dll
      • load - library - C:\WINDOWS\system32\ws2_32.dll
      • load - library - C:\WINDOWS\system32\kernel32.dll
      • load - library - user32.dll
      • load - library - KERNEL32.DLL
      • load - library - ADVAPI32.dll
      • load - library - mscoree.dll
      • load - library - mscoree.dll


      Process API calls used
      • NtFreeVirtualMemory
      • CreateProcessInternalW
      • CreateProcessInternalW


      Registry API calls used
        • Nothing to report


        System API calls used
        • LdrLoadDll
        • LdrGetProcedureAddress
        • LdrGetProcedureAddress


        Filesystem API calls used
        • NtOpenFile

        Network

        UDP source >> destination
        • 192.168.30.254 >> 192.168.30.9
        • 192.168.30.9 >> 192.168.30.255


        TCP source >> destination
        • 192.168.30.9 >> 192.168.30.254



        Domains:
        • NA

        DNS Request:
        • NA

        HTTP Request:
        • NA

        DLL related data
        Number of DLL's imported = 1
        • kernel32.dll

        Relevant Information


        © SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0