SonicALERT

Sonicwall Signatures

MalAgent.J_89886
MalAgent.J_89886 is a Virus. A virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive.

Mutexes created
  • Nothing to report


Directory level activity
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Microsoft
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Media Player
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Office
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Word
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Excel
  • create - dir - c:\Documents and Settings\TestMachine\Applications Data\Windows


File level activity
  • write - file - c:\windows\system32\maxtrox.txt
  • delete - file - c:\Documents and Settings\TestMachine\Application Data\desktop.ini
  • write - file - c:\Documents and Settings\TestMachine\Application Data\Desktop.ini
  • write - file - c:\Documents and Settings\TestMachine\Application Data\Microsoft\Desktop.ini
  • write - file - c:\Documents and Settings\TestMachine\Applications Data\Desktop.ini


Registry level activity
  • Nothing to report


Library level activity
  • load - library - C:\WINDOWS\system32\rpcss.dll
  • load - library - C:\WINDOWS\system32\uxtheme.dll
  • load - library - uxtheme.dll
  • load - library - OLEAUT32.DLL
  • load - library - oleaut32.dll
  • load - library - ole32.dll
  • load - library - SXS.DLL
  • load - library - USER32
  • load - library - advapi32.dll
  • load - library - Secur32.dll
  • load - library - kernel32


Process API calls used
  • ZwMapViewOfSection
  • VirtualProtectEx
  • NtFreeVirtualMemory
  • ExitProcess


Registry API calls used
  • NtOpenKey
  • NtQueryValueKey
  • RegOpenKeyExA
  • RegCloseKey
  • RegCloseKey


System API calls used
  • LdrGetDllHandle
  • LdrLoadDll
  • IsDebuggerPresent
  • LdrGetProcedureAddress
  • SetWindowsHookExA
  • NtDelayExecution


Filesystem API calls used
  • NtCreateFile
  • NtWriteFile
  • FindFirstFileExW
  • CreateDirectoryW
  • NtOpenFile
  • NtSetInformationFile
  • DeleteFileA
  • NtQueryDirectoryFile
  • NtOpenFile


Network

UDP source >> destination
  • 192.168.30.254 >> 192.168.30.6
  • 192.168.30.6 >> 192.168.30.255


TCP source >> destination
  • 192.168.30.6 >> 192.168.30.254


Domains:
  • NA

DNS Request:
  • NA

HTTP Request:
  • NA


DLL related data
Number of DLLs imported = 1
  • MSVBVM60.DLL


Relevant Information