Trojan.Agent.BE

By CagedTech in Trojans

Threat Scorecard

Threat Level:	80 % (High)
Infected Computers:	39

First Seen:	March 14, 2011
Last Seen:	October 16, 2020
OS(es) Affected:	Windows

Table of Contents

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Panda	Trj/CI.A
AVG	Agent2.AQAW
Fortinet	W32/Agent.DRDV!tr
Sunbelt	Trojan.Win32.Agent
AhnLab-V3	Win-Trojan/Inject.39936.AR
a-squared	Trojan.Win32.Agent!IK
Antiy-AVL	Trojan/Win32.Agent.gen
eTrust-Vet	Win32/Fraud.C!packed
Sophos	Mal/EncPk-PM
McAfee-GW-Edition	Artemis!77C4F3BF5EB0
AntiVir	TR/Agent.drdv
Comodo	TrojWare.Win32.Trojan.Agent.Gen
Kaspersky	Trojan.Win32.Agent.drdv
Avast	Win32:Agent-AJZK
F-Prot	W32/Agent.IUF

File System Details

Trojan.Agent.BE may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	svchost.exe:ext.exe	d6e3fa52712dddf51d74bf587d2d95e1	2
Name: svchost.exe:ext.exe MD5: d6e3fa52712dddf51d74bf587d2d95e1 Size: 40.44 KB (40448 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: March 14, 2011
2.	svchost.exe:exe.exe	77c4f3bf5eb0187de7812c31444d0bbf	2
Name: svchost.exe:exe.exe MD5: 77c4f3bf5eb0187de7812c31444d0bbf Size: 39.93 KB (39936 bytes) Detections: 2 Type: Executable File Path: %WINDIR%\system32 Group: Malware file Last Updated: May 16, 2011

Analysis Report

General information

Family Name:	Trojan.Downloader.Agent.BE
Signature status:	No Signature

Known Samples

MD5: a428ff94ad27374a9c1db3875e870350

SHA1: dd07156ff8c553d7d95f08ff9e72c390fd3df58f

SHA256: 8495E3103958A133DB940B33D45E796782EBDF1BDEF7997BBACBB7A36BAF1421

File Size: 81.92 KB, 81920 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

File Traits

WriteProcessMemory
x86

Block Information

Total Blocks:	4
Potentially Malicious Blocks:	4
Whitelisted Blocks:	0
Unknown Blocks:	0

Visual Map

x x x x

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Downloader.Agent.BE

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\baw.cab	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\dd07156ff8c553d7d95f08ff9e72c390fd3df58f_000008.rtf	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\jigi	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\program files (x86)\windows nt\accessories\wordpad.exe.friendlyappname	WordPad	RegNtPreCreateKey
HKCU\local settings\software\microsoft\windows\shell\muicache::c:\program files (x86)\windows nt\accessories\wordpad.exe.applicationcompany	Microsoft Corporation	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::wrap		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::showstatusbar		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::showruler		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::units		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::maximized		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::framerect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::pagemargin	܈֠܈֠	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::printpagenum		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\applets\wordpad\options::defaultformat		RegNtPreCreateKey

Windows API Usage

Category	API
Other Suspicious	SetWindowsHookEx

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Agent.BE

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

File System Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Downloader.Parshell

Trojan.Wintrim.gen!J

Jimmy Kimmel is the Most Risky Celebrity to Search...

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Is Stuck on Gray Screen

Discord Shows Black Screen when Sharing Screen