Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk. |

Technical Details:

Possible Security Risk

Security Risk | Description
Backdoor.Agent.AJU | Backdoor.Agent.AJU is a malicious backdoor trojan that runs multiple instances of itself, each opening a random TCP port and attempting to connect to its predefined public SMTP servers. It then spams itself by email as a password-protected zip attachment; the password is included in the body of the email.

Threat Category | Description
| A network-aware worm that attempts to replicate across the existing network(s)
| A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment

File System Modifications

# | Filename(s) | File Size | File Hash | Alias

1. %Temp%\_check32.bat (103 bytes)
   MD5: 0x3AFF9007437E04D852F4B27C455BBBAE
   SHA-1: 0x5D6723BA70366E8B2652BB00EC67F5764FA1EC6C
   Alias: (not available)

2. %Windir%\db32.txt (147 bytes)
   MD5: 0x647B5A7658D9041F5F7D8D55971BA950
   SHA-1: 0xA4E3DE8200DD23CCB89651A66C9A3CD098B9B9C2
   Alias: (not available)

3. %Windir%\s32.txt (85 bytes)
   MD5: 0xD042AFDD125C643DFBC1B38EAADF7936
   SHA-1: 0x8750200C7C1F7699A2C5E55D7438F64766501CE5
   Alias: (not available)

4. %System%\aspimgr.exe (77,824 bytes)
   MD5: 0xD85C6DA62224996706063136DCB6D895
   SHA-1: 0x47E8CBD33BA8D1D15142CB1E0D632819579DCC2C
   Alias: Trojan.Damnec.Gen [PCTools]; Trojan.Asprox [Symantec]; Email-Worm.Win32.Agent.ha [Kaspersky Lab]; Proxy-Agent.af.gen [McAfee]; Troj/Asprox-Gen [Sophos]; Backdoor:Win32/Agent.ACG [Microsoft]; Win32.SuspectCrc [Ikarus]

5. [file and pathname of the sample #1] (49,664 bytes)
   MD5: 0x476CEFA4CA9EC2E9E9E39D7CF1060432
   SHA-1: 0x59FA2904E054B21A4623ABF67E5F2285C8959F29
   Alias: Trojan.Damnec.Gen [PCTools]; Trojan.Asprox [Symantec]; Net-Worm.Win32.Aspxor.ab [Kaspersky Lab]; Virus.Win32.Agent.GPS [Ikarus]; Win32/Aspxor.worm.49664 [AhnLab]

6. %Windir%\ws386.ini (12 bytes)
   MD5: 0xEB88059AF6D5E2B000848840AD6F6023
   SHA-1: 0xA3405359551CE55BCCDB260D20738AFC1CBAB67D
   Alias: (not available)

Memory Modifications

Process Name | Process Filename | Main Module Size
aspimgr.exe | %System%\aspimgr.exe | 364,544 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 131,072 bytes

Service Name | Display Name | Status | Service Filename
aspimgr | Microsoft ASPI Manager | "Running" | %System%\aspimgr.exe

Registry Modifications

Other details

Port | Protocol | Process
80 | TCP | aspimgr.exe (%System%\aspimgr.exe)

Copyright © 2014 ThreatExpert. All rights reserved.