Trojan.Win32.Downloader
Risk Level 1
 
File Size : 2491496 KB
File Type : Portable Executable file Win32 EXE
File Name

2.exe

MD5

963595831515e24a27c1ef5fd6cf8212

SHA1

2030c518375b7310588b9135c2675f33abb812a9

SHA256

fe45946cd625fbf5f0173a8d011c0c61038464ae7d0efbd15c

General information:

* File name: C:\Users\Cognus\Desktop\report\4\2.exe

Changes to registry:

* Creates value "2.exe=32000000" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Cognus\Desktop\report\4

Changes to filesystem:

* Creates file C:\Users\Cognus\AppData\Local\Temp\PSE20\963595831515e24a27c1ef5fd6cf8212\php.ini

Network services:

* Downloads file from "www.adobe.com/support/loganalyzer".
* Downloads file from "www.adobe.com/favicon.ico".

Process/window/string information:

* Gets input locale identifiers.
* Checks for debuggers.
* Registers a hotkey.

Additional Information:

How To Remove 2.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 2.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
