Worm.Generic
Risk Level 1
 
File Size: 70721 KB
File Type: Portable Executable file
File Name

02bc4852fe7c03ce3b81780a8cb19600.exe

MD5

02bc4852fe7c03ce3b81780a8cb19600

SHA1

29c60c1078ad6ac8da50f653513f37ee588eff7a

SHA256

d564b1ed54d23b01cbd729f7b00c60af20ba8c92825eae5451

General information:

* File name: C:\Users\vmware\Desktop\malware\02bc4852fe7c03ce3b81780a8cb19600.exe

Changes to registry:

* Modifies value "load=C:\Windows\rundl132.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows NT\CurrentVersion\Windows
binary data=43003A005C00570069006E0064006F00770073005C00720075006E0064006C003100330032002E006500780065000000
old value "load=0000"
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "net.exe=Net Command" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=4E0065007400200043006F006D006D0061006E0064000000
* Creates value "net1.exe=Net Command" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=4E0065007400200043006F006D006D0061006E0064000000
* Creates value "Logo1_.exe=Logo1_.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\drive\C\Windows
binary data=4C006F0067006F0031005F002E006500780065000000
* Creates value "cmd.exe=Windows Command Processor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\system32
binary data=570069006E0064006F0077007300200043006F006D006D0061006E0064002000500072006F0063006500730073006F0072000000

Changes to filesystem:

* Creates file C:\Windows\Dll.dll
* Creates file C:\Windows\Logo1_.exe
* Creates file C:\Windows\rundl132.exe
* Creates file (empty) C:\Users\vmware\AppData\Local\Temp\$$aEF51.tmp
* Modifies file C:\Users\vmware\Desktop\malware\02bc4852fe7c03ce3b81780a8cb19600.exe

Network services:

no change

Process/window/string information:

* Gets volume information.
* Checks for debuggers.
* Enumerates running processes.
* Creates process "null, net stop "Kingsoft AntiVirus Service", null".
* Injects code into process "C:\Windows\System32\net.exe".
* Creates process "null, C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service", null".
* Injects code into process "C:\Windows\System32\net1.exe".
* Opens a service named "KINGSOFT ANTIVIRUS SERVICE".
* Creates process "null, C:\Users\vmware\AppData\Local\Temp\$$aEF51.bat, C:\Users\vmware\Desktop\malware\".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "null, C:\Windows\Logo1_.exe, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Windows\Logo1_.exe".
* Creates process "C:\Users\vmware\Desktop\malware\02bc4852fe7c03ce3b81780a8cb19600.exe, "C:\Users\vmware\Desktop\malware\02bc4852fe7c03ce3b81780a8cb19600.exe", C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\02bc4852fe7c03ce3b81780a8cb19600.exe".
* Sleeps 33 seconds.

Additional Information:

How To Remove 02bc4852fe7c03ce3b81780a8cb19600.exe

1. Download an antivirus for Windows PC.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 02bc4852fe7c03ce3b81780a8cb19600.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
