Worm.Generic
Risk Level 1
 
File Size: 1029886 KB
File Type: Portable Executable file
File Name

a1cf68c4aff4a07a90af3c8e0f46e760.exe

MD5

a1cf68c4aff4a07a90af3c8e0f46e760

SHA1

6c6021f1ba8e96b31ad0e6897dba19c0e8f97e3a

SHA256

a48407f63b16b0ca51e329d931e3cdde93eaf019b14316e75b

General information:

* File name: C:\Users\vmware\Desktop\malware\a1cf68c4aff4a07a90af3c8e0f46e760.exe

Changes to registry:

no change

Changes to filesystem:

* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\PEID.EXE
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\ConvertInkStore.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\InkWatson.exe
* Modifies file C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
* Creates file C:\Windows\svchost.exe
* Creates file C:\Users\vmware\AppData\Local\Temp\aff3303.tmp
* Creates file C:\Users\vmware\AppData\Local\Temp\lef3073.tmp
* Modifies file C:\Users\vmware\Desktop\malware\a1cf68c4aff4a07a90af3c8e0f46e760.exe

Network services:

no change

Process/window/string information:

* Gets input locale identifiers.
* Creates process "null, "C:\Windows\svchost.exe" "C:\Users\vmware\Desktop\malware\a1cf68c4aff4a07a90af3c8e0f46e760.exe" , C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Windows\svchost.exe".
* Creates process "null, "C:\Users\vmware\Desktop\malware\a1cf68c4aff4a07a90af3c8e0f46e760.exe" , C:\Users\vmware\Desktop\malware".
* Contains string Checked for Microsoft PowerPoint software presence ("POWERPNT.EXE")
* Contains string Checked for The Hacker security software presence ("TH.EXE")
* Sleeps 197 seconds.

Additional Information:

How To Remove a1cf68c4aff4a07a90af3c8e0f46e760.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where a1cf68c4aff4a07a90af3c8e0f46e760.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
