InfoStealer.LusyPOS
Risk Level 1
 
File Size : 2817024 KB
File Type : Portable Executable file
File Name

6b13b3131c569ef5a6c596e6acef4046.exe

MD5

6b13b3131c569ef5a6c596e6acef4046

SHA1

8e7c4fde2db2cffd456ff8c3208e163ff80f2a04

SHA256

8d2a4462332466962f8902765e2eabd79fbb6b61838967aef6

General information:

6b13b3131c569ef5a6c596e6acef4046.exe

Changes to registry:

* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASAPI32
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASAPI32
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASAPI32
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASAPI32
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASMANCS
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASMANCS
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASMANCS
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\6B13B3131C569EF5A6C596E6ACEF4046_RASMANCS
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "csrss=C:\Arquivos de programas\WindowsUpdate.scr" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
binary data=43003A005C004100720071007500690076006F0073002000640065002000700072006F006700720061006D00610073005C00570069006E0064006F00770073005500700064006100740065002E007300630072000000
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps

Changes to filesystem:

* Creates file (empty) C:\Windows\system32OpenGL.dat

Network services:

* Looks for an Internet connection.
* Queries DNS "ftp.t35.com".
* Downloads file from "www.lmok123.com/kills.txt".
* Downloads file from "easycf.51.net/kills.txt".
* Downloads file from "58.49.58.20/kills.txt".

Process/window/string information:

* Gets user name information.
* Gets input locale identifiers.
* Gets computer name.
* Checks for debuggers.
* Opens a service named "rasman".
* Opens a service named "Sens".
* Creates process "null, IExplore WWW_GetWindowInfo, null".

Additional Information:

How To Remove 6b13b3131c569ef5a6c596e6acef4046.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 6b13b3131c569ef5a6c596e6acef4046.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
