Trojan.Agent
Risk Level 1
 
File Size : 35840 KB
File Type : Portable Executable file
File Name : 6d3bd40dd6882d6c1a2225e340cf18f0.exe
MD5 : 6d3bd40dd6882d6c1a2225e340cf18f0
SHA1 : e0791995b15f00e888c6754283e49eea661696b4
SHA256 : 64b11bc1e71bfd680bc9a094e4290a496fe252174625d804cb

General information:

* File name: C:\Users\vmware\Desktop\malware\6d3bd40dd6882d6c1a2225e340cf18f0.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "6d3bd40dd6882d6c1a2225e340cf18f0.exe=6d3bd40dd6882d6c1a2225e340cf18f0.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\malware
binary data=360064003300620064003400300064006400360038003800320064003600630031006100320032003200350065003300340030006300660031003800660030002E006500780065000000
* Creates value "cmd.exe=Windows Command Processor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=570069006E0064006F0077007300200043006F006D006D0061006E0064002000500072006F0063006500730073006F0072000000
* Creates value "tasklist.exe=Lists the current running tasks" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=4C00690073007400730020007400680065002000630075007200720065006E0074002000720075006E006E0069006E00670020007400610073006B0073000000

Changes to filesystem:

* Modifies file (empty) C:\Users\vmware\Desktop\malware\6d3bd40dd6882d6c1a2225e340cf18f0.exe

Network services:

* Queries DNS "time.windows.com".
* Queries DNS "dns.msftncsi.com".

Process/window/string information:

* Gets user name information.
* Gets system default language ID.
* Gets volume information.
* Gets computer name.
* Checks for debuggers.
* Opens a service named "AudioSrv".
* Creates a mutex "Local\MidiMapper_modLongMessage_RefCnt".
* Anti-Malware Analyzer routine: Sandboxie detection.
* Anti-Malware Analyzer routine: WinDbg detection.
* Creates process "C:\Windows\System32\cmd.exe, "C:\Windows\System32\cmd.exe" /c tasklist&&del 6d3bd40dd6882d6c1a2225e340cf18f0.exe, C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "C:\Windows\system32\tasklist.exe, tasklist, C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Windows\System32\tasklist.exe".
* Enables privilege SeDebugPrivilege.
* Enumerates running processes.
* Enables process privileges.
* Sleeps 60 seconds.

Additional Information:

How To Remove 6d3bd40dd6882d6c1a2225e340cf18f0.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 6d3bd40dd6882d6c1a2225e340cf18f0.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
