MalAgent.J_89717 is a Virus. Virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive
Mutexes created
- Global\"C:\DOCUME~1\TestMachine\LOCALS~1\Temp\362ba2d5feaf8cfbe133aee02476c76a.bin"
Directory level activity
File level activity- delete - file - C:\DOCUME~1\TestMachine\LOCALS~1\Temp\362ba2d5feaf8cfbe133aee02476c76a.bin
- write - file - nul
- write - file - nul
Registry level activity- write - registry - HKEY_LOCAL_MACHINE\SYSTEM\SelectMarkTime
Library level activity- load - library - MFC42.DLL
- load - library - MSVCRT.dll
- load - library - KERNEL32.dll
- load - library - NTDLL
- load - library - USER32.dll
- load - library - GDI32.dll
- load - library - ADVAPI32.dll
- load - library - SHELL32.dll
- load - library - COMCTL32.dll
- load - library - ole32.dll
- load - library - OLEAUT32.dll
- load - library - MSVCP60.dll
- load - library - WINMM.dll
- load - library - WS2_32.dll
- load - library - iphlpapi.dll
- load - library - dwmapi.dll
- load - library - SHLWAPI.dll
- load - library - KERNEL32.DLL
- load - library - mscoree.dll
- load - library - mscoree.dll
Process API calls used
- VirtualProtectEx
- NtFreeVirtualMemory
- CreateProcessInternalW
- ExitProcess
Registry API calls used
- RegOpenKeyExA
- RegSetValueExA
- RegCloseKey
- RegCloseKey
System API calls used
- LdrLoadDll
- LdrGetProcedureAddress
- LdrGetDllHandle
- NtDelayExecution
- LdrGetProcedureAddress
Filesystem API calls used
- CopyFileA
- NtOpenFile
- NtSetInformationFile
- FindFirstFileExW
- NtSetInformationFile
Network
UDP source >> destination
TCP source >> destination
Domains:
DNS Request:
HTTP Request:
DLL related data
Number of DLL's imported = 12
- MFC42.DLL
- MSVCRT.dll
- KERNEL32.dll
- USER32.dll
- GDI32.dll
- ADVAPI32.dll
- SHELL32.dll
- COMCTL32.dll
- ole32.dll
- OLEAUT32.dll
- KERNEL32.dll
- USER32.dll
|
