by UmmU
Released in January 2009
Made in Turkey
Constructor:

Dropped Files:
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Install.exe Size: 490,803 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\Keylogger-MEGASECURITY.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.exe Size: 46,080 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\mail.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.exe Size: 44,544 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\msn.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.exe Size: 52,736 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\pspv.txt
c:\Documents and Settings\Kobayashi\Local Settings\Temp\server.exe Size: 664,055 bytes
c:\Documents and Settings\Kobayashi\Local Settings\Temp\X-Agent 3.0.exe Size: 2,349,056 bytes
c:\WINDOWS\system32AKV.exe Size: 402,944 bytes
c:\WINDOWS\system32YDWB.001 Size: 512 bytes
c:\WINDOWS\system32YDWB.006 Size: 7,680 bytes
c:\WINDOWS\system32YDWB.007 Size: 5,632 bytes
c:\WINDOWS\system32YDWB.exe Size: 482,816 bytes
c:\WINDOWS\system32\1298.ftp Date: 3/23/2009 1:42 PM Size: 15 bytes
c:\WINDOWS\system32\1298.pass Date: 3/23/2009 1:42 PM Size: 6 bytes
c:\WINDOWS\system32\1298.usr Date: 3/23/2009 1:42 PM Size: 10 bytes
c:\WINDOWS\system32\blckx.exe Date: 3/23/2009 1:43 PM Size: 618,496 bytes
c:\WINDOWS\system32\ftdutil.exe Size: 65,536 bytes
c:\WINDOWS\system32\ip.php Date: 3/23/2009 1:43 PM Size: 40 bytes
c:\WINDOWS\system32\ntvxdc.exe Size: 65,536 bytes
c:\WINDOWS\system32\viclgkc.dll Size: 107 bytes
c:\WINDOWS\system32\wcsydrv.exe Size: 65,536 bytes
c:\WINDOWS\system32\wintgtsv.exe Size: 65,536 bytes
c:\WINDOWS\system32\drivers\ctfmon.exe Size: 212,992 bytes
c:\WINDOWS\system32\drivers\PicFormat32.dll Size: 121,564 bytes
c:\WINDOWS\system32\drivers\PicFormat32.ocx Size: 36,864 bytes
c:\WINDOWS\system32\drivers\rundll32.exe Size: 200,704 bytes
c:\WINDOWS\system32\drivers\svchost.exe Size: 176,128 bytes

Added to Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "msconfig" Data: C:\WINDOWS\system32\blckx.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Virtual Java" Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Sys Startup" Data: wintgtsv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows start" Data: explorer.exe wintgtsv.exe

Server Size: 688,128 bytes
Tested on Windows XP
March 23, 2009
MegaSecurity