Trojan.Win32.Generic
Risk Level 1
 
File Size : 1823289 KB
File Type : Portable Executable file
File Name : 360Safe.exe
MD5 : ed93e401437c9343faf45da2dde0ee62
SHA1 : 696928f25c822f6f32c0e3ad727d6391eb6596f5
SHA256 : f9bea4f6d5cbedc530614f68fc7f2dd07d94f0fb125213058a

General information:

* File name: C:\Users\vmware\Desktop\malware\360Safe.EXE

Changes to registry :

no change

Changes to filesystem:

* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_360Safe.EXE_349f4b42934595e2516a68d14ac11c759ff023e2_cab_0f2b7582\Report.wer
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_360Safe.EXE_349f4b42934595e2516a68d14ac11c759ff023e2_cab_0f2b7582\WER6972.tmp.appcompat.txt
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_360Safe.EXE_349f4b42934595e2516a68d14ac11c759ff023e2_cab_0f2b7582\WER6A7C.tmp.WERInternalMetadata.xml
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_360Safe.EXE_349f4b42934595e2516a68d14ac11c759ff023e2_cab_0f2b7582\WER6AEA.tmp.hdmp
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_360Safe.EXE_349f4b42934595e2516a68d14ac11c759ff023e2_cab_0f2b7582\WER71ED.tmp.mdmp
* Creates file C:\Users\vmware\AppData\Local\CrashDumps\360Safe.EXE.3332.dmp

Network services:

no change

Process/window/string information:

* Checks for debuggers.
* Creates process "C:\Windows\system32\WerFault.exe, C:\Windows\system32\WerFault.exe -u -p 3332 -s 224, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Enumerates running processes.
* Creates a mutex "Local\WERReportingForProcess3332".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\3470a2bf-232c-11e6-95ac-000c29164906".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.
* Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
* Contains string Checked for 360 security software presence ("360HOTFIX.EXE")
* Contains string Checked for 360 security software presence ("360RPT.EXE")
* Contains string Checked for 360 security software presence ("360SAFE.EXE")
* Contains string Checked for 360 security software presence ("360SAFEBOX.EXE")
* Contains string Checked for 360 security software presence ("360TRAY.EXE")
* Contains string Checked for 360 security software presence ("ANTIARP.EXE")
* Contains string Checked for Kaspersky security software presence ("AVP.EXE")
* Contains string Checked for 360 security software presence ("BOXMOD.EXE")
* Contains string Checked for Kaspersky security software presence ("KAV.EXE")
* Contains string Checked for Jianming security software presence ("KVXP.KXP")
* Contains string Checked for McAfee security software presence ("MCAFEE")
* Contains string Checked for Trend Micro security software presence ("NTRTSCAN")
* Contains string Checked for registry software presence ("REGEDIT.EXE")
* Contains string Checked for 360 Security software presence ("SAFEBOXTRAY.EXE")

Additional Information:

How To Remove 360Safe.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 360Safe.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
