Trojan.Win32.Generic
Risk Level 1
File Size: 15127040 KB
File Type: Portable Executable file
File Name: 5949d6909d63fc4b89d1a2d10e3d7373.exe
MD5: 5949d6909d63fc4b89d1a2d10e3d7373
SHA1: bbed64ae6fa7b56775cf0c1e0da874fe5f841e88
SHA256: 2b78c327547ed25e01b858386027b70857236c5b86ef609821

General information:

* File name: C:\Users\vmware\Desktop\malware\5949D6909D63FC4B89D1A2D10E3D7373.exe

Changes to registry:

no change

Changes to filesystem:

* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$I91DG5N.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$IW4YIZN.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$R91DG5N.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$RW4YIZN.exe
* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\HEXDIVE.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MAEC\bsa_to_maec.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\NetworkMinerConsole.exe
* Modifies file C:\bsa\PCAP\TCPRECON.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\bsa\PEID.EXE
* Modifies file C:\bsa\R3S32.EXE
* Modifies file C:\bsa\R3S64.EXE
* Modifies file C:\bsa\SIGNSRCH.EXE
* Creates file C:\Users\vmware\AppData\Local\Temp\5949D6909D63FC4B89D1A2D10E3D7373.exe
* Creates file (empty) C:\Users\vmware\Desktop\malware\pi_rec.txt

Network services:

* Queries DNS "safebrowsing.google.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "safebrowsing-cache.google.com".
* Queries DNS "dns.msftncsi.com".
* Queries DNS "clients4.google.com".
* Downloads file from "ip-api.com/json".
* Downloads file from "khit.cn/soft/azbconfig.ini".
* Downloads file from "khit.cn/soft/kp1configuration.ini".
* Downloads file from "xmp.down.sandai.net/kankan/OnlineInstaller-SIjhaqws37.exe".
* Downloads file from "bos.nj.bpc.baidu.com/v1/baiduplayer/player/BaiduPlayer5SetupSilent_405.exe".

Process/window/string information:

* Checks for debuggers.
* Enumerates running processes.
* Sleeps 53 seconds.

Additional Information:

How To Remove 5949d6909d63fc4b89d1a2d10e3d7373.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where 5949d6909d63fc4b89d1a2d10e3d7373.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to view the results.
5. Then delete the threat from the table.
