MalAgent.J_90193 is a Virus. Virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive
Mutexes created
Directory level activity
File level activity
Registry level activity- write - registry - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunIneter Mc
Library level activity- load - library - C:\WINDOWS\system32\rpcss.dll
- load - library - C:\WINDOWS\system32\uxtheme.dll
- load - library - uxtheme.dll
- load - library - OLEAUT32.DLL
- load - library - oleaut32.dll
- load - library - ole32.dll
- load - library - SXS.DLL
- load - library - USER32
- load - library - kernel32
- load - library - C:\WINDOWS\system32\kernel32.dll
- load - library - kernel32.dll
- load - library - MSVBVM60.DLL
- load - library - User32.dll
- load - library - ntdll
- load - library - advapi32
- load - library - KERNEL32.DLL
- load - library - ADVAPI32.dll
- load - library - mscoree.dll
- load - library - C:\jdclol\dll\HrJcRk.dll
- load - library - ntdll
Process API calls used
- ZwMapViewOfSection
- VirtualProtectEx
- WriteProcessMemory
- NtFreeVirtualMemory
- CreateProcessInternalW
- ExitProcess
Registry API calls used
- NtOpenKey
- NtQueryValueKey
- RegOpenKeyExA
- RegCreateKeyExA
- RegQueryValueExA
- RegCloseKey
- RegCloseKey
System API calls used
- LdrGetDllHandle
- LdrLoadDll
- IsDebuggerPresent
- LdrGetProcedureAddress
- SetWindowsHookExA
- NtDelayExecution
Filesystem API calls used
Network
UDP source >> destination
- 192.168.30.254 >> 192.168.30.6
- 192.168.30.6 >> 192.168.30.254
- 192.168.30.6 >> 192.168.30.255
- 192.168.30.6 >> 8.8.8.8
TCP source >> destination
- 192.168.30.6 >> 192.168.30.254
Domains:- appiething.no-ip.biz with IP -
DNS Request:
HTTP Request:
DLL related data
Number of DLL's imported = 1
|
