Trojan.Agent
Risk Level 1
 
File Size : 103140 KB
File Type : Portable Executable file
File Name

a1d14691cec7230faebe7693463603c0.exe

MD5

a1d14691cec7230faebe7693463603c0

SHA1

fcc4e94fef9ad12f174bd269407a2157fd5d1880

SHA256

a16b8946b2f2552710c58b39d7057e8c3a0be4fcda441dce0b

General information:

* File name: C:\Users\vmware\Desktop\malware\a1d14691cec7230faebe7693463603c0.exe

Changes to registry :

* Modifies value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "AntiVirusDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "FirewallDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Modifies value "FirewallOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "UpdatesDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps

Changes to filesystem:

* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Network services:

no change

Process/window/string information:

* Gets computer name.
* Checks for debuggers.
* Creates process "null, "C:\Windows\explorer.exe" "C:", null".
* Injects code into process "C:\Windows\explorer.exe".
* Enumerates running processes.
* Sleeps 849 seconds.

Additional Information:

How To Remove a1d14691cec7230faebe7693463603c0.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where a1d14691cec7230faebe7693463603c0.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
