| What's been found |
| Produces outbound traffic. |
| Communication with a remote SMTP server and sending out email. |
| Creates a startup registry entry. |
| Contains characteristics of an identified security risk. |
| Possible Security Risk |
| Security Risk | Description |
| Trojan.Agent | Trojan.Agent will spy on the browsing habits of users, modify Internet Explorer settings and download malicious files. |
| Threat Category | Description |
| (not available) | A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment |
| File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 | %UserProfile%\reader_s.exe; %System%\reader_s.exe; [file and pathname of the sample #1] | 56,320 bytes | MD5: 0x08BA612F05B0433A4A5CA2DF4DA38DEB; SHA-1: 0xBCDAFAABC91615255532111D4672FCEF7AEB9593 | (not available) |
| 2 | %System%\dllcache\ndis.sys | 212,480 bytes | MD5: 0xA329EADC3E525324566E8B70A7068B04; SHA-1: 0x689374F942835C06F472D9BCA1E5D5C6CF784FA0 | Trojan.Neprodoor!inf [Symantec]; Troj/Pushu-Gen, Mal/Fakedis-A [Sophos]; Virus:Win32/Cutwail.F [Microsoft]; Virus.Win32.Protector [Ikarus]; Win32/Dnis.C [AhnLab] |
| Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| reader_s.exe | %System%\reader_s.exe | 49,152 bytes |
| reader_s.exe | %UserProfile%\reader_s.exe | 49,152 bytes |
| Process Name | Process Filename | Allocated Size |
| svchost.exe | %System%\svchost.exe | 5,124,096 bytes |
| Registry Modifications |
| Other details |
| Outbound traffic (potentially malicious) |