MalAgent.H_18037 is a Virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.
Mutexes created
Directory level activity
- create - dir - C:\WINDOWS\system32\macromd
File level activity
- write - file - C:\WINDOWS\system32\winxcfg.exe
- write - file - C:\WINDOWS\system32\macromd\15 year old webcam.mpg.pif
- write - file - C:\WINDOWS\system32\macromd\Kama Sutra Tetris.exe
- write - file - C:\WINDOWS\system32\macromd\jenna jameson - shower scene.exe
- write - file - C:\WINDOWS\system32\macromd\16 year old webcam.mpg.exe
- write - file - C:\WINDOWS\system32\macromd\Blonde and Japanese girl bukkake.mpg.exe
- write - file - C:\WINDOWS\system32\macromd\yahoo cracker.exe
- write - file - C:\WINDOWS\system32\macromd\cute girl giving head.exe
- write - file - C:\WINDOWS\system32\macromd\hotmailhacker.exe
- write - file - C:\WINDOWS\system32\macromd\Teen Violent Forced Gangbang.exe
- write - file - C:\WINDOWS\system32\macromd\girls gone wild.mpg.exe
- write - file - C:\WINDOWS\system32\macromd\pamela anderson naked.mpg.exe
- write - file - C:\WINDOWS\system32\macromd\porn account cracker.exe
- write - file - C:\WINDOWS\system32\macromd\15 year old on beach.mpg.exe
- write - file - C:\WINDOWS\system32\macromd\AIM Account Hacker.exe
- write - file - C:\WINDOWS\system32\macromd\AIM Password Stealer.exe
- write - file - C:\WINDOWS\system32\macromd\Windows 2000.exe
- write - file - C:\WINDOWS\system32\macromd\AIM Account Stealer.exe
- write - file - C:\WINDOWS\system32\macromd\Napster Clone.exe
- write - file - C:\WINDOWS\system32\macromd\Flash Golf.exe
- write - file - C:\WINDOWS\system32\macromd\Free Porn.exe
- write - file - C:\WINDOWS\system32\macromd\Cable Modem Uncapper.exe
- write - file - C:\WINDOWS\system32\macromd\win2k serial.exe
- write - file - C:\WINDOWS\system32\macromd\Two girls - Blonde and Brunette - Giving head.exe
- write - file - C:\WINDOWS\system32\macromd\Nokia Unloker (most models).exe
- write - file - C:\WINDOWS\system32\macromd\12 year old forced rape cum.exe
- write - file - C:\WINDOWS\system32\macromd\Windows 2000 win2k password stealer.exe
Registry level activity
- write - registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup (value: Version)
- write - registry - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (value: winxcfg.exe)
- write - registry - HKEY_CURRENT_USER\Software\Borland\Locales (value: DisableSharing)
- write - registry - HKEY_CURRENT_USER\Software\Borland\Locales (value: Dir98)
Library level activity
- load - library - KERNEL32.DLL
- load - library - advapi32.dll
- load - library - oleaut32.dll
- load - library - user32.dll
- load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\338b71102a0f5addd4ba8c2787186189.ENU
- load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\338b71102a0f5addd4ba8c2787186189.EN
- load - library - kernel32.dll
- load - library - C:\WINDOWS\system32\uxtheme.dll
- load - library - uxtheme.dll
Process API calls used
Registry API calls used
- RegOpenKeyExA
- RegQueryValueExA
- RegSetValueExA
- RegCloseKey
System API calls used
- LdrLoadDll
- LdrGetProcedureAddress
- LdrGetDllHandle
- IsDebuggerPresent
Filesystem API calls used
- NtCreateFile
- NtWriteFile
- NtReadFile
- CreateDirectoryW
- NtSetInformationFile
Network
UDP source >> destination
- 192.168.30.254 >> 192.168.30.6
- 192.168.30.6 >> 192.168.30.255
TCP source >> destination
- 192.168.30.6 >> 192.168.30.254
Domains:
DNS Request:
HTTP Request:
DLL related data
Number of DLLs imported = 4
- KERNEL32.DLL
- advapi32.dll
- oleaut32.dll
- user32.dll