Troj/Agent-ADRF

Category: Viruses and Spyware
Protection available since: 12 Sep 2013 01:56:00 (GMT)
Type: Trojan
Last Updated: 12 Sep 2013 01:56:00 (GMT)
Prevalence: Small Number of Reports


Examples of Troj/Agent-ADRF include:

Example 1

File Information

Size: 1.9M
SHA-1: a7028e1f423cc13ad99ec0106942aaec1a805f78
MD5: 6c4316b8b05b4e46a8c2e82671326d84
CRC-32: b3e69568
File type: Windows executable
First seen: 2013-09-11

Runtime Analysis

Modified Files
  • %SYSTEM%\d3d9caps.dat
HTTP Requests
  • http://ipv4.icanhazip.com/
IP Connections
  • 193.23.244.244:443
  • 212.112.245.170:443
DNS Requests
  • ipv4.icanhazip.com

Example 2

File Information

Size: 402K
SHA-1: abd2ce9546f44b92a43419fc854305d184dbcf17
MD5: b185c3924ce07ed75009d6ac95622ee5
CRC-32: 8c4ef109
File type: Windows executable
First seen: 2013-09-11

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\MahnungRE64-105123.pdf
    Size: 280K
    SHA-1: de4192b89931191ba99bab3046263fdfed94cdf5
    MD5: 05aba5b05b787e85e410d97460e0d434
    CRC-32: 3d56fad4
    File type: Adobe Portable Document Format (PDF)
    First seen: 2013-09-11
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\dl.exe
    Size: 96K
    SHA-1: f3da3835dd1d18672efe2ece73275fea3d5bae26
    MD5: e5ac570d8c51f32067eadec9087d14c4
    CRC-32: b7c2a4f4
    File type: Windows executable
    First seen: 2013-09-11
  • c:\Documents and Settings\test user\Application Data\117609710.exe
    Size: 1.9M
    SHA-1: a7028e1f423cc13ad99ec0106942aaec1a805f78
    MD5: 6c4316b8b05b4e46a8c2e82671326d84
    CRC-32: b3e69568
    File type: Windows executable
    First seen: 2013-09-11
Modified Files
  • %SYSTEM%\d3d9caps.dat
Processes Created
  • c:\Documents and Settings\test user\application data\117609710.exe
  • c:\docume~1\support\locals~1\temp\rarsfx0\dl.exe
  • c:\program files\adobe\reader 8.0\reader\acrord32.exe
HTTP Requests
  • http://-\x16\x03\x01
  • http://81.17.28.154/b.exe
  • http://ipv4.icanhazip.com/
IP Connections
  • 154.35.32.5:443
  • 171.25.193.9:80
  • 81.17.28.154:80
DNS Requests
  • ipv4.icanhazip.com

Example 3

File Information

Size: 96K
SHA-1: f3da3835dd1d18672efe2ece73275fea3d5bae26
MD5: e5ac570d8c51f32067eadec9087d14c4
CRC-32: b7c2a4f4
File type: Windows executable
First seen: 2013-09-11

Runtime Analysis

HTTP Requests
  • http://81.17.28.154/b.exe
  • http://ipv4.icanhazip.com/
IP Connections
  • 194.109.206.212:443
  • 212.112.245.170:443
  • 81.17.28.154:80
DNS Requests
  • ipv4.icanhazip.com