SonicALERT

Sonicwall Signatures

MalAgent.J_73085
MalAgent.J_73085 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • MyProgramMutex


Directory level activity
  • create - dir - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Fred


File level activity
  • write - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\Fred\1.reg


Registry level activity
  • write - registry - Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\Options
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\InternetId
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\FUSClientPath
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\CalendarRecordSettings
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\Password
  • write - registry - HKEY_LOCAL_MACHINE\SYSTEM\Remote Manipulator System\v4\Server\Parameters\UserAccess


Library level activity
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\975634bf573fea5edbb2f44372c69672.ENU
  • load - library - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\975634bf573fea5edbb2f44372c69672.EN
  • load - library - kernel32.dll
  • load - library - oleaut32.dll
  • load - library - C:\WINDOWS\System32\mswsock.dll
  • load - library - NTDLL.DLL
  • load - library - IPHLPAPI.DLL


Process API calls used
  • ShellExecuteExW
  • ZwMapViewOfSection
  • CreateProcessInternalW
  • NtFreeVirtualMemory
  • ExitProcess


Registry API calls used
  • RegOpenKeyExA
  • NtOpenKey
  • RegCreateKeyExA
  • RegCloseKey
  • RegQueryInfoKeyA
  • RegQueryValueExW
  • RegQueryValueExA
  • RegSetValueExA
  • RegCloseKey


System API calls used
  • LdrGetDllHandle
  • LdrGetProcedureAddress
  • LdrLoadDll
  • LdrGetProcedureAddress


Filesystem API calls used
  • CreateDirectoryW
  • NtCreateFile
  • NtWriteFile
  • NtDeviceIoControlFile
  • NtQueryInformationFile

Network

UDP source >> destination
  • 192.168.30.254 >> 192.168.30.8
  • 192.168.30.8 >> 192.168.30.254
  • 192.168.30.8 >> 192.168.30.255
  • 192.168.30.8 >> 8.8.8.8


TCP source >> destination
  • 192.168.30.8 >> 192.168.30.254

Domains:
  • bagi-3dn.hol.es with IP -
  • test11999.zz.mu with IP -

DNS Request:
  • bagi-3dn.hol.es
  • test11999.zz.mu

HTTP Request:
  • NA

DLL related data
Number of DLLs imported = 12
  • kernel32.dll
  • user32.dll
  • advapi32.dll
  • oleaut32.dll
  • kernel32.dll
  • kernel32.dll
  • user32.dll
  • wininet.dll
  • kernel32.dll
  • oleaut32.dll
  • shell32.dll
  • kernel32.dll


Relevant Information