Trojan.Win32.Agent.Q

EDITED by Tebodell

2C2EE583.DLL
MD5SUM: 476d8b31bfd01f2d264f2133c47a3d37
SHA1SUM: ba5ff9dfbd0702e85799ed46dd3197691b4eb149
SHA256SUM: 1dc6daa68dc554d95db5d9506f7ccb4eb85750c93f90f3b1762d74a096257ae0

PACKER: UPX
REF: Submitted by MythX
DATE FOUND: 2/20/2006
VECTOR: Email
THREAT: Backdoor
CME #: N/A

(Results via VirusTotal.com, Virusscan.Jotti.org, Norman SandBox Live)

AntiVir: TR/Agent.Q.1
ArcaVir: Trojan.Agent.Q.I
Avast: Win32:Trojan-gen. {Other}
AVG: Generic.LLA
Avira: TR/Agent.Q.1
BitDefender: Trojan.Agent.Q
QuickHeal: Nothing
ClamAV: Nothing
Dr. Web: Nothing
eTrust-Iris: Nothing
eTrust-Vet: Nothing
Ewido: Trojan.Agent.q
Fortinet: W32/Backdoor-tr
F-Prot: destructive program named W32/Trojan.NK
Ikarus: Trojan.Win32.Agent.Q
Kaspersky: Trojan.Win32.Agent.q
McAfee: Proxy-Agent.j
NOD32v2: Win32/Agent.Q
Norman: W32/Agent.CLK
Panda: Trj/Agent.QJ
Sophos: Nothing
Symantec: Backdoor.Trojan
TheHacker: Trojan/Agent.q
UNA: Trojan.Win32.Agent
VBA32: Trojan.Win32.Agent.q

NOTES:

Norman Sandbox has these things to say but I haven't been able to verify them.

[ Changes to system settings ]
* Creates WindowsHook monitoring call windows procecdures activity.

[ Network services ]
* Connects to "66.250.130.178" on port 5556 (IP).
* Sends data stream (80 bytes) to remote address "66.250.130.178", port 5556.