X_Agent 3.0 Pro
Released 15 years, 8 months ago. January 2009
Copyright © MegaSecurity
By UmmU
Informations
| From | Turkey |
| Author | UmmU |
| Family | X_Agent |
| Category | Remote Access |
| Version | X_Agent 3.0 Pro |
| Released Date | Jan 2009, 15 years, 8 months ago. |
Additional Information
Constructor:
Dropped Files:
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Install.exe
Size: 490,803 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Keylogger-MEGASECURITY.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.exe
Size: 46,080 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.exe
Size: 44,544 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.exe
Size: 52,736 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\server.exe
Size: 664,055 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\X-Agent 3.0.exe
Size: 2,349,056 bytes
c:\WINDOWS\system32AKV.exe
Size: 402,944 bytes
c:\WINDOWS\system32YDWB.001
Size: 512 bytes
c:\WINDOWS\system32YDWB.006
Size: 7,680 bytes
c:\WINDOWS\system32YDWB.007
Size: 5,632 bytes
c:\WINDOWS\system32YDWB.exe
Size: 482,816 bytes
c:\WINDOWS\system32\1298.ftp
Date: 3/23/2009 1:42 PM
Size: 15 bytes
c:\WINDOWS\system32\1298.pass
Date: 3/23/2009 1:42 PM
Size: 6 bytes
c:\WINDOWS\system32\1298.usr
Date: 3/23/2009 1:42 PM
Size: 10 bytes
c:\WINDOWS\system32\blckx.exe
Date: 3/23/2009 1:43 PM
Size: 618,496 bytes
c:\WINDOWS\system32\ftdutil.exe
Size: 65,536 bytes
c:\WINDOWS\system32\ip.php
Date: 3/23/2009 1:43 PM
Size: 40 bytes
c:\WINDOWS\system32\ntvxdc.exe
Size: 65,536 bytes
c:\WINDOWS\system32\viclgkc.dll
Size: 107 bytes
c:\WINDOWS\system32\wcsydrv.exe
Size: 65,536 bytes
c:\WINDOWS\system32\wintgtsv.exe
Size: 65,536 bytes
c:\WINDOWS\system32\drivers\ctfmon.exe
Size: 212,992 bytes
c:\WINDOWS\system32\drivers\PicFormat32.dll
Size: 121,564 bytes
c:\WINDOWS\system32\drivers\PicFormat32.ocx
Size: 36,864 bytes
c:\WINDOWS\system32\drivers\rundll32.exe
Size: 200,704 bytes
c:\WINDOWS\system32\drivers\svchost.exe
Size: 176,128 bytes
Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "msconfig"
Data: C:\WINDOWS\system32\blckx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Virtual Java"
Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Sys Startup"
Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start"
Data: explorer.exe wintgtsv.exe
Server
Size: 688,128 bytes
Tested on Windows XP
March 23, 2009If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.