Risk Level 1
File Size : 15127040 KB
File Type : Portable Executable file
File Name

General information:

* File name: C:\Users\vmware\Desktop\malware\5949D6909D63FC4B89D1A2D10E3D7373.exe

Changes to registry :

no change

Changes to filesystem:

* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$I91DG5N.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$IW4YIZN.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$R91DG5N.exe
* Modifies file C:\$Recycle.Bin\S-1-5-21-4181251035-1584676081-2777171207-1000\$RW4YIZN.exe
* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\HEXDIVE.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MAEC\bsa_to_maec.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\NetworkMinerConsole.exe
* Modifies file C:\bsa\PCAP\TCPRECON.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Modifies file C:\bsa\PEID.EXE
* Modifies file C:\bsa\R3S32.EXE
* Modifies file C:\bsa\R3S64.EXE
* Modifies file C:\bsa\SIGNSRCH.EXE
* Creates file C:\Users\vmware\AppData\Local\Temp\5949D6909D63FC4B89D1A2D10E3D7373.exe
* Creates file (empty) C:\Users\vmware\Desktop\malware\pi_rec.txt

Network services:

* Queries DNS "safebrowsing.google.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "safebrowsing-cache.google.com".
* Queries DNS "dns.msftncsi.com".
* Queries DNS "clients4.google.com".
* Downloads file from "ip-api.com/json".
* Downloads file from "khit.cn/soft/azbconfig.ini".
* Downloads file from "khit.cn/soft/kp1configuration.ini".
* Downloads file from "xmp.down.sandai.net/kankan/OnlineInstaller-SIjhaqws37.exe".
* Downloads file from "bos.nj.bpc.baidu.com/v1/baiduplayer/player/BaiduPlayer5SetupSilent_405.exe".

Process/window/string information:

* Checks for debuggers.
* Enumerates running processes.
* Sleeps 53 seconds.

Additional Information:

How To Remove 5949d6909d63fc4b89d1a2d10e3d7373.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 5949d6909d63fc4b89d1a2d10e3d7373.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.