SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  MalAgent.J_77170
MalAgent.J_77170 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Mutexes created
  • C:\DOCUME~1\TestMachine\LOCALS~1\Temp\e46e0e51750a08e8df90a94e48071726.bin
  • 198.44.188.181:5858


Directory level activity
    • Nothing to report


    File level activity
      • Nothing to report


      Registry level activity
      • write - registry - SYSTEM\CurrentControlSet\Services\BcdefgDescription
      • write - registry - SYSTEM\CurrentControlSet\Services\BcdefgMarkTime
      • write - registry - SYSTEM\CurrentControlSet\Services\BcdefgMarkTiny
      • write - registry - SYSTEM\CurrentControlSet\Services\BcdefgMarkTinm
      • write - registry - SYSTEM\CurrentControlSet\Services\BcdefgMarkTind


      Library level activity
      • load - library - KERNEL32
      • load - library - KERNEL32.DLL
      • load - library - USER32.DLL
      • load - library - ADVAPI32.DLL
      • load - library - OLE32.DLL
      • load - library - MSVCRT.DLL
      • load - library - SHLWAPI.DLL
      • load - library - URLMON.DLL
      • load - library - WININET.DLL
      • load - library - MSVCP60.DLL
      • load - library - kernel32.dll
      • load - library - User32.dll
      • load - library - MSVCRT.dll
      • load - library - ws2_32.dll
      • load - library - ADVAPI32.dll
      • load - library - wininet.dll
      • load - library - user32.dll
      • load - library - KERNEL32.dll
      • load - library - ADVAPI32.dll


      Process API calls used
      • VirtualProtectEx
      • NtFreeVirtualMemory
      • VirtualProtectEx


      Registry API calls used
      • RegOpenKeyExA
      • RegCloseKey
      • RegQueryValueExA
      • RegSetValueExA
      • RegCreateKeyExA
      • RegCloseKey


      System API calls used
      • LdrGetDllHandle
      • LdrGetProcedureAddress
      • SetWindowsHookExA
      • LdrLoadDll
      • NtDelayExecution
      • NtDelayExecution


      Filesystem API calls used
      • CopyFileA
      • MoveFileWithProgressW
      • MoveFileWithProgressW

      Network

      UDP source >> destination
      • 192.168.30.254 >> 192.168.30.7
      • 192.168.30.7 >> 192.168.30.255


      TCP source >> destination
      • 192.168.30.7 >> 192.168.30.254



      Domains:
      • NA

      DNS Request:
      • NA

      HTTP Request:
      • NA

      DLL related data
      Number of DLL's imported = 13
      • KERNEL32.dll
      • USER32.dll
      • GDI32.dll
      • comdlg32.dll
      • WINSPOOL.DRV
      • ADVAPI32.dll
      • COMCTL32.dll
      • oledlg.dll
      • ole32.dll
      • OLEPRO32.DLL
      • OLEAUT32.dll
      • MSVCP60.dll
      • MSVCRT.dll

      Relevant Information


      © SonicWall 2020 | Privacy Policy | Conditions for use Version: 10.0