SonicALERT
Sonicwall Signatures

  MalAgent.H_18040
MalAgent.H_18040 is a virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.

Mutexes created
  • Nothing to report


Directory level activity
  • create - dir - C:\Documents and Settings\All Users\Application Data\Saaaalamm


File level activity
  • write - file - C:\Documents and Settings\All Users\Application Data\hdgus.exe
  • write - file - C:\Documents and Settings\All Users\Application Data\Saaaalamm\Mira.h
  • delete - file - c:\Mirad
  • write - file - c:\agent.pyw .exe
  • write - file - c:\AUTOEXEC.BAT .exe
  • write - file - c:\boot.ini .exe
  • write - file - c:\CONFIG.SYS .exe
  • write - file - c:\Documents and Settings .exe
  • write - file - c:\fqeZDR .exe
  • write - file - c:\IO.SYS .exe
  • write - file - c:\ip.py .exe
  • write - file - c:\MSDOS.SYS .exe
  • write - file - c:\NTDETECT.COM .exe
  • write - file - c:\ntldr .exe
  • write - file - c:\pagefile.sys .exe
  • write - file - c:\Program Files .exe
  • write - file - c:\Python27 .exe
  • write - file - c:\rtclrvhlvf .exe
  • write - file - c:\System Volume Information .exe
  • write - file - c:\WINDOWS .exe
  • delete - file - c:\Mirah
  • delete - file - c:\Miram
  • delete - file - c:\Miraa
  • delete - file - c:\Mirac
  • delete - file - c:\Mirav
  • delete - file - c:\Miraw
  • delete - file - c:\Miral
  • delete - file - c:\Mirax
  • delete - file - c:\Mirap
  • delete - file - c:\Miraq
  • delete - file - c:\Miras
  • delete - file - c:\Mirai
  • delete - file - c:\Mirar
  • delete - file - c:\Mirae
  • delete - file - c:\Mirao
  • delete - file - c:\Mirat
  • delete - file - c:\Miraj
  • delete - file - c:\Mirab
  • delete - file - c:\Mirau
  • delete - file - c:\Mirag
  • delete - file - c:\Mirak
  • delete - file - c:\Miraf
  • delete - file - c:\Miray
  • delete - file - c:\Miran
  • delete - file - c:\Mirar


Registry level activity
  • write - registry - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersCommon AppData
  • write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunMicrosoft\xef\xfe\xae Windows\xef\xfe\xae Operating System
  • write - registry - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersCommon AppData


Library level activity
  • load - library - kernel32.dll


Process API calls used
  • VirtualProtectEx
  • NtFreeVirtualMemory
  • ShellExecuteExW
  • CreateProcessInternalW
  • ExitProcess


Registry API calls used
  • RegOpenKeyExA
  • RegCreateKeyExW
  • RegQueryValueExW
  • RegCloseKey
  • RegSetValueExW
  • RegCloseKey


System API calls used
  • LdrLoadDll


Filesystem API calls used
  • NtCreateFile
  • NtOpenFile
  • NtSetInformationFile
  • NtReadFile
  • NtWriteFile
  • CreateDirectoryW
  • NtSetInformationFile

Network

UDP source >> destination
  • 192.168.30.254 >> 192.168.30.6
  • 192.168.30.6 >> 192.168.30.255


TCP source >> destination
  • 192.168.30.6 >> 192.168.30.254



Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA

DLL related data
Number of DLL's imported = 0
  • Nothing to report


Relevant Information