TSPY_AGENT.JAAC
October 08, 2012
PLATFORM: Windows 2000, XP, Server 2003
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
TECHNICAL DETAILS
File Size: 29,696 bytes
File Type: EXE
File Compression: UPX
Memory Resident: Yes
Initial Samples Received Date: 20 Aug 2010
Other System Modifications
This spyware adds the following registry entries:
HKEY_CURRENT_USER\Software\Elwofdd
session = "{random}"
It creates the following registry entry to bypass Windows Firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
{malware path and file name} = "{malware path and file name}:*:Enabled:ipsec"