Backdoor.Agent
Risk Level 1
 
File Size : 353792 KB
File Type : Portable Executable 32
File Name : 7C7EFB8EFBDE7096B9E0ADC9E72F22D0.vir
MD5 : 7c7efb8efbde7096b9e0adc9e72f22d0
SHA1 : fa8779d8268ba69dba668b6a9813bc4974b27930
SHA256 : 70ce7ece6a26652b83c78b833049a28be7b8f6cf3b311c216b

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\7 June 2016\New folder\Sample\7c7efb8efbde7096b9e0adc9e72f22d0.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
  old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
  binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* No changes

Network services:


Process/window/string information:

* Contains string Detected Anti-Malware Analyzer routine: Anubis detection ("76487-337-8429955-22614")
* Contains string Detected Anti-Malware Analyzer routine: CWSandbox detection ("76487-644-3177037-23510")
* Contains string Detected Anti-Malware Analyzer routine: JoeBox detection ("55274-640-2673064-23950")
* Contains string Detected Anti-Malware Analyzer routine: Sandboxie detection ("SbieDll.dll")
* Contains string Detected Anti-Malware Analyzer routine: VirtualBox detection ("VBoxService")
* Contains string Detected Anti-Malware Analyzer routine: WinDbg detection ("dbghelp.dll")
* Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
* Contains string Traces of dial-up connection stealer trojan ("L$_RasDefaultCredentials")
* Contains string Detected Anti-Malware Analyzer routine: Norman Sandbox detection ("CurrentUser")

Additional Information:

How To Remove 7C7EFB8EFBDE7096B9E0ADC9E72F22D0.vir

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where 7C7EFB8EFBDE7096B9E0ADC9E72F22D0.vir is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
