| Visit ThreatExpert web site | | | Close Report |
[Symantec] [Kaspersky Lab] [McAfee] [Sophos] [Microsoft] [Ikarus] [AhnLab]| What's been found | Severity Level |
| Capability to send out email message(s) with the built-in SMTP client engine. |  |
| Communication with a remote SMTP server and sending out email. |  |
| Mass-mailer that sends out email to the email addresses harvested from the local computer. |  |
| Downloads/requests other files from Internet. | |
| Creates a startup registry entry. |  |
| Contains characteristics of an identified security risk. | |
 | Possible Security Risk |
| Security Risk | Description |
| Trojan.Agent.ASDJ |
Trojan.Agent.ASDJ runs in the background and allows remote intruders to gain access and control over the computer. It might also download other malware onto the infected computer. The threat is capable of logging keystrokes. |
| Threat Category | Description |
 |
A network-aware worm that attempts to replicate across the existing network(s) |
 |
A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 |
%System%\qnx.exe
|
157,184 bytes | MD5: 0xF596B22087D6404D538825413E266131 SHA-1: 0xCE76C13EFEA521B321C6C32270D272B1A7D7241A |
W32.Ackantta@mm [Symantec] Trojan.Win32.Agent.asdj [Kaspersky Lab]Generic Dropper.ea [McAfee]W32/Autorun-RI [Sophos]VirTool:Win32/Injector.gen!AH [Microsoft]VirTool.Win32.CeeInject [Ikarus]Win32/Ceein.worm.157184 [AhnLab] |
| 2 |
[file and pathname of the sample #1]
%System%\vxworks.exe
|
449,024 bytes | MD5: 0x0AA203943D1E264973B2993CA09EF4C3 SHA-1: 0xCA973B0E458F0E0CCA13636BD88784B80CCAE24D |
W32.Ackantta@mm [Symantec] Email-Worm.Win32.Agent.gew [Kaspersky Lab]W32/Xirtem@MM [McAfee]W32/Autorun-RI [Sophos]Worm:Win32/Prolaco.A@mm [Microsoft]Email-Worm.Win32.Agent [Ikarus]Win32/Ceein.worm.449024 [AhnLab] |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 438,272 bytes |
| vxworks.exe | %System%\vxworks.exe | 438,272 bytes |
| qnx.exe | %System%\qnx.exe | 172,032 bytes |
 | Registry Modifications |
 | Other details |
| Port | Protocol | Process |
| 1033 | TCP | [file and pathname of the sample #1] |
| 1058 | TCP | vxworks.exe (%System%\vxworks.exe) |
| 1069 | TCP | vxworks.exe (%System%\vxworks.exe) |
| Remote Host | Port Number |
| 206.137.17.89 | 1050 |
| Server Name | Server Port | Connect as User | Connection Password |
| www.mcdonalds.com | 80 | (null) | (null) |
 | Generated SMTP traffic |
| Coca-Cola: The Coca-Cola Companyimg.print_button{display:none;}Our CompanySustainabilityBrandsHeritageInvestorsPress CenterCareersContact UsSearch Coca-ColaSEARCHCoca Cola is proud to accounce our new Christmas Promotion. December, 2008Play our fantastic new online game for your chance to WIN a trip to the Bahamas and get all Coca Cola drinks for free in the rest of your life. See the attachment for details.The trademarks listed are owned or used under license by The Coca-Cola Company and its related affiliates, as of December 31, 2006. These trademarks may be owned or licensed in select locations only. � 2008 The Coca-Cola Company, all rights reserved. |
| You have recieved A Hallmark E-Card. Hello!You have recieved a Hallmark E-Card from your friend.To see it, check the attachment.There's something special about that E-Card feeling. We invite you to make a friend's day and send one.Hope to see you soon,Your friends at HallmarkYour privacy is our priority. Click the "Privacy and Security" link at the bottom of this E-mail to view our policy. Hallmark.com | Privacy & Security | Customer Service | Store Locator |
| Welcome to McDonald's [AD]Select Country/MarketUSAArgentinaAustraliaAustriaBahrainBelgiumBrazilBulgariaCanadaChileChinaColombiaCroatiaCyprusCzech RepublicDenmarkEgyptFinlandFranceGermanyGreeceGuatemalaHong KongHungaryIndiaIrelandIsraelItalyJapanJordanKoreaKuwaitLebanonMalaysiaMexicoNetherlandsNew ZealandOmanPakistanPeruPolandPortugalQatarSaudi ArabiaSingaporeSlovakiaSloveniaSouth AfricaSpainSwedenSwitzerlandTaiwanTurkeyUnited Arab EmiratesUnited KingdomUruguayUSAYugoslaviaMcDonald's is proud to present our latest discount menu. Simply print the coupon from this Email and head to your local McDonald's for FREE giveaways and AWESOME savings. You don't have a flash plugin installed or javascript enabled. // Corporate McDonald's|Facts about McDonald's|Podcasts|Voice©2007-2008 McDonald's. All rights reserved. |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2009 ThreatExpert. All rights reserved.