Trojan.Win32.Generic
Risk Level 1
File Size: 2060579 KB
File Type: Portable Executable file
File Name

68df38b654f79ac7355c5d0d2f909138.exe

MD5

68df38b654f79ac7355c5d0d2f909138

SHA1

e8db33d330e4af505131be33e41ce7684e88a7dd

SHA256

5aff6c65cd2f10cf7def684d51e195428d2d5864f2df3df64c

General information:

* File name: C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.exe

Changes to registry:

* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "Virus.Win32.Sality.exe=Virus.Win32.Sality.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\malware
binary data=560069007200750073002E00570069006E00330032002E00530061006C006900740079002E006500780065000000
* Creates value "Virus.Win32.Sality.~01=Macromedia Flash Player 6.0 r21" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
binary data=4D006100630072006F006D006500640069006100200046006C00610073006800200050006C006100790065007200200036002E003000200020007200320031000000

Changes to filesystem:

* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MAEC\bsa_to_maec.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Creates file (hidden) C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.~01

Network services:

no change

Process/window/string information:

* Keylogger functionality.
* Checks for debuggers.
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.~01, C:\Users\vmware\Desktop\malware\".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Sality.~01".
* Opens a service named "AudioSrv".
* Creates a mutex "Local\MidiMapper_modLongMessage_RefCnt".
* Sleeps 419 seconds.

Additional Information:

How To Remove 68df38b654f79ac7355c5d0d2f909138.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where 68df38b654f79ac7355c5d0d2f909138.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to see the results.
5. Then delete the threat from the table.
