Submission Summary:

What's been found | Severity Level
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Threat Category | Description
A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment.

File System Modifications

# | Filename(s) | File Size | File Hash | Alias
1 %Temp%\0
%Temp%\1
%Temp%\10
%Temp%\100
%Temp%\101
%Temp%\102
%Temp%\103
%Temp%\104
%Temp%\105
%Temp%\106
%Temp%\107
%Temp%\108
%Temp%\109
%Temp%\11
%Temp%\110
%Temp%\111
%Temp%\112
%Temp%\113
%Temp%\114
%Temp%\115
%Temp%\116
%Temp%\117
%Temp%\118
%Temp%\119
%Temp%\12
%Temp%\120
%Temp%\121
%Temp%\122
%Temp%\123
%Temp%\124
%Temp%\125
%Temp%\126
%Temp%\127
%Temp%\128
%Temp%\129
%Temp%\13
%Temp%\130
%Temp%\131
%Temp%\132
%Temp%\133
%Temp%\134
%Temp%\135
%Temp%\136
%Temp%\137
%Temp%\138
%Temp%\139
%Temp%\14
%Temp%\140
%Temp%\141
%Temp%\142
%Temp%\143
%Temp%\144
%Temp%\145
%Temp%\146
%Temp%\147
%Temp%\148
%Temp%\149
%Temp%\15
%Temp%\150
%Temp%\151
%Temp%\152
%Temp%\153
%Temp%\154
%Temp%\155
%Temp%\156
%Temp%\157
%Temp%\158
%Temp%\159
%Temp%\16
%Temp%\160
%Temp%\161
%Temp%\162
%Temp%\163
%Temp%\164
%Temp%\165
%Temp%\166
%Temp%\167
%Temp%\168
%Temp%\169
%Temp%\17
%Temp%\170
%Temp%\171
%Temp%\172
%Temp%\173
%Temp%\174
%Temp%\175
%Temp%\176
%Temp%\177
%Temp%\178
%Temp%\179
%Temp%\18
%Temp%\180
%Temp%\181
%Temp%\182
%Temp%\183
%Temp%\184
%Temp%\185
%Temp%\186
%Temp%\187
%Temp%\188
1,094 bytes MD5: 0xD30F53736E27F32F1B54F8B2A630967F
SHA-1: 0x4A140FA11B33905A22223EB09C9D398A4FA82A5E
(not available)
2 %Temp%\a.class 1,221 bytes MD5: 0x6C0B71566DE9AB28F9C3E5235EE44DFC
SHA-1: 0xE367644172ABB14D35E938BEBAB5FCCAA9C68122
(not available)
3 %Temp%\b.class 427 bytes MD5: 0x69C5674D74C647634AF8EBF8FEE637AB
SHA-1: 0x1E571DA9918F1C12BF11C12757CC2DA2F658CCAB
(not available)
4 %Temp%\c.class 1,163 bytes MD5: 0x26F9A041B9C9763F4190A5A9E9DBADFA
SHA-1: 0xD7E7867F4308EC987AE3FBFE44B004D7A4416566
(not available)
5 %Temp%\d.class 90 bytes MD5: 0xF20E77250F1040E06361A9ADF8FD79E3
SHA-1: 0x0A537B90CAA8BFD2FDBB01276ED0A93809F282B1
(not available)
6 %Temp%\data.dat 36,843 bytes MD5: 0x65742B980401FA58D184E06208FE6C03
SHA-1: 0x7667799F9FDC979FD6C7E0305B2623A07F58DB84
(not available)
7 %Temp%\e.class 730 bytes MD5: 0x16C73A9C33354693890B16B2A2DCB4C3
SHA-1: 0x9528C59D3045C4948E03A09D5DE11051729F28EE
(not available)
8 %Temp%\f.class 568 bytes MD5: 0x4F191AC0FAA55B0B2A8E6F913CC07AF7
SHA-1: 0x090D9523C1523CD44E4864A4A72C9614B784039B
(not available)
9 %Temp%\g.class 9,861 bytes MD5: 0xF466DA6554ECFA08B1CF352999CD310A
SHA-1: 0x1A2E3923B5003BD05B251935F59F33C66387711E
(not available)
10 %Temp%\h.class 535 bytes MD5: 0x97A225A9EB9A9AD911B576323726EE6B
SHA-1: 0x1BC0068797F40E860BAD210BAC0DB2F19D83D9F9
(not available)
11 %Temp%\i.class 1,068 bytes MD5: 0x423D4AFAB309B4978D60D4C378CC468B
SHA-1: 0x5E33375A779DB9EFDC593371EC5699D4A66B3DBD
(not available)
12 %Temp%\icon.png 1,108 bytes MD5: 0x7FBC2DB31946E7EBB9696AD84F95A5D1
SHA-1: 0xE2C93022285012460B667DF1FF9AA77006F9B14B
(not available)
13 %Temp%\j.class 1,978 bytes MD5: 0x4AC1B2A403FE35655E736018150F2639
SHA-1: 0x44CDA86EEE05518692CB1F96A75D95D77938AE58
(not available)
14 %Temp%\k.class 384 bytes MD5: 0x6A8890EFB15FC88EBE04576B6F642CC2
SHA-1: 0xB29084E34A76DEE51FBA613A7970E4724468407B
(not available)
15 %Temp%\l.class 233 bytes MD5: 0x239C97EB52E3286CD37DD78350AE402D
SHA-1: 0x404DCB628BF00B3F631720E6C12CE17920BD20C0
(not available)
16 %Temp%\logo.png 40,221 bytes MD5: 0xD1C20E1BF4D7BBAEEB84F5B747ACA4A4
SHA-1: 0x95A87E0B8F316D178FA8B5C6DB872BB83980573F
(not available)
17 %Temp%\m.class 296 bytes MD5: 0xD00BB49511BDA6A4126737236B54F191
SHA-1: 0x4C2A47E4B6A314ECD429812F8C8AB558812226CC
(not available)
18 %Temp%\META-INF\MANIFEST.MF 406 bytes MD5: 0x8062F4509F5ED6E7678B53222630F8B0
SHA-1: 0x5897F6127E507815EA91C053CF71E0AE58CE422B
(not available)
19 %Temp%\META-INF\services\org.xmlpull.v1.XmlPullParserFactory 56 bytes MD5: 0xD92C694E67829F86B99ED19EBFA27826
SHA-1: 0xBB93CD8A5E79601D5310D280130C420D0D7FA35B
(not available)
20 %Temp%\waictugc.class 12,917 bytes MD5: 0x38CE1C90C1E3636EB09768E94A22AB9A
SHA-1: 0x63DB9F29086545CB7C109886D96CA60AE470EEDD
Trojan.Gen.2 [Symantec]
Java.SMSAgent [Ikarus]
21 %Temp%\XMLPULL_1_1_3_1_VERSION 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
(not available)
22 [file and pathname of the sample #1] 751,185 bytes MD5: 0x524D271AC69C1619DD90A3A2B7DEE185
SHA-1: 0xFC07D0EEE7F8F7D3F0C0D15F053D46E8E37CF497
Java.SMSAgent [Ikarus]

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

Copyright © 2013 ThreatExpert. All rights reserved.