Trojan.Agent
Risk Level 1
 
File Size : 103140 KB
File Type : Portable Executable file
File Name : a1d1989ce3e59415e0a69194a3f1a280.exe
MD5 : a1d1989ce3e59415e0a69194a3f1a280
SHA1 : da19722f0d5877d5926bcf9589cbfebdc56605d3
SHA256 : 59ee9b156f39098a32de6397824fcfdc470fc7b541f90c970c (truncated on this page; a full SHA256 is 64 hex characters)

General information:

* File name: C:\Users\vmware\Desktop\malware\a1d1989ce3e59415e0a69194a3f1a280.exe

Changes to registry :

* Creates value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "AntiVirusDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "FirewallDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "FirewallOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "UpdatesDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Modifies value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "AntiVirusDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "FirewallDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Modifies value "FirewallOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
old value empty
* Creates value "UpdatesDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Empties value "EnableLUA" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\policies\system
old value "EnableLUA=00000001"
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates value "StoreLocation=C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_4d6e19152b12392d12eab687ab4dc607ee6363_cab_166254b4" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Empties value "EnableFirewall" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
old value "EnableFirewall=00000001"
* Modifies value "DisableNotifications=00000001" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
old value empty
* Creates value "v1_0=4831DF62" in key HKEY_CURRENT_USER\software\Ajnqgf
* Creates value "v2_0=00001B5D" in key HKEY_CURRENT_USER\software\Ajnqgf
* Creates value "v3_0=01036A29" in key HKEY_CURRENT_USER\software\Ajnqgf
* Creates value "1635216758=00000082" in key HKEY_CURRENT_USER\software\Ajnqgf\-317950876
* Creates value "-2049067560=00000023" in key HKEY_CURRENT_USER\software\Ajnqgf\-317950876
* Creates value "-413850802=000001E5" in key HKEY_CURRENT_USER\software\Ajnqgf\-317950876
* Creates value (name not preserved in this copy of the report; data follows) in key HKEY_CURRENT_USER\software\Ajnqgf\-317950876
binary data=30004400300030003600380037003400370034003700300033004100320046003200460036003100360032003700330037003500370032003600340036003900370033003700340036003100360045003200450037003500360045003600310037003300320045003600330037004100320046003700380037003300320045003600410037003000360037003000300036003800370034003700340037003000330041003200460032004600360033003600460036004400360044003700350036004500360039003700340037003900370032003600350037003300370030003600460036004500360034003600310036004300360031003700320036004400320045003600330036004600360044003200460036003900360044003600310036003700360035003700330032004600360043003600460036003700360046003200450036003700360039003600360030003000360038003700340037003400370030003300410032004600320046003600310036003300360039003600320036003100360034003600350036004400360039003600450037003300360031003600310037003400320045003600330036004600360044003200460037003800370033003200450036004100370030003600370030003000360038003700340037003400370030003300410032004600320046003600450036003900360037003600380037003400370037003600310037003400360033003600380036004600360045003600430036003900360045003600350032004500360033003600460036004400320046003600390036004400360031003600370036003500370033003200460037003300320045003600410037003000360037003000300036003800370034003700340037003000330041003200460032004600360035003600340037003500360037003700350036003900360034003600350032004500360031003600350032004600360039003600440036003100360037003600350037003300320046003700380037003300320045003600410037003000360037003000300036003800370034003700340037003000330041003200460032004600370030003600390037003000360043003200450036004600370032003600370032004500360039003600450032004600360039003600440036003100360037003600350037003300320046003600430036004600360037003600460036003600320045003600370036003900360036003000300036003800370034003700340037003000330041003200460032004600360031003600330036004400320044003600390036004500360036003600460032004500360033003600460032004500360044003600
3100320046003600390036004400360031003600370036003500370033003200460037003800370033003200450036004100370030003600370030003000360038003700340037003400370030003300410032004600320046003700320036003900370033003600310036003200370032003700350036004500360046003200450036003300360046003600440032004500360032003700320032004600360043003600460036003700360046003600360032004500360037003600390036003600300030003600380037003400370034003700300033004100320046003200460036003100360034003600390037003900360031003600440036003100360045003600430036003900360033003600390036003700360042003600460036003600370034003600350036003300360039003600440032004500360033003600460036004400320046003600390036004400360031003600370036003500370033003200460037003800370033003200450036004100370030003600370030003000360038003700340037003400370030003300410032004600320046003700370037003700370037003200450036003100360031003600450037003300360038003700350036004400360031003600450032004500360033003600460036004400320046003600390036004400360031003600370036003500370033003200460037003300320045003600410037003000360037003000300036003800370034003700340037003000330041003200460032004600360044003600310037003800360046003700320036003500360037003700390037003000370034003200450036003300360046003600440032004600360039003600440036003100360037003600350037003300320046003600430036004600360037003600460036003600320045003600370036003900360036003000300036003800370034003700340037003000330041003200460032004600360035003700340037003200360031003700350036004400320045003600330036004600360044003200460036003900360044003600310036003700360035003700330032004600370033003200450036004100370030003600370030003000360038003700340037003400370030003300410032004600320046003300360033003800320045003300310033003600330038003200450033003200330032003300320032004500330032003300300033003600320046003600430036004600360037003600460037003300320045003600370036003900360036000000
* Creates value "-1438384582=4F7D820B432F26FEC78339B723FD1BE48E844F898DB33C8628BF961D1FE34A2DDA61339CFAB4653A8540A21159436F3E050E0D5733FBA12C751F6F75BCED727A627777851ADDE6FC4641F1F705AA46F283F829042ADAB8F154B6418FC0E2FF812CF7DB6F97F16B0DB03D5A0E63B243FD868CDB3B12A4382F091F9599D98DF81C" in key HKEY_CURRENT_USER\software\Ajnqgf\-317950876
binary data=34004600370044003800320030004200340033003200460032003600460045004300370038003300330039004200370032003300460044003100420045003400380045003800340034004600380039003800440042003300330043003800360032003800420046003900360031004400310046004500330034004100320044004400410036003100330033003900430046004100420034003600350033004100380035003400300041003200310031003500390034003300360046003300450030003500300045003000440035003700330033004600420041003100320043003700350031004600360046003700350042004300450044003700320037004100360032003700370037003700380035003100410044004400450036004600430034003600340031004600310046003700300035004100410034003600460032003800330046003800320039003000340032004100440041004200380046003100350034004200360034003100380046004300300045003200460046003800310032004300460037004400420036004600390037004600310036004200300044004200300033004400350041003000450036003300420032003400330046004400380036003800430044004200330042003100320041003400330038003200460030003900310046003900350039003900440039003800440046003800310043000000
* Creates value "ShellViewReentered=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "DisableTaskMgr=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\policies\system
* Creates value "DisableRegistryTools=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\policies\system
* Creates value "StoreLocation=C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_4d6e19152b12392d12eab687ab4dc607ee6363_cab_166254b4" in key HKEY_CURRENT_USER\software\Microsoft\Windows\Windows Error Reporting\Debug
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Modifies value "MRUListEx=02000000050000000600000003000000040000000000000001000000FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0
old value "MRUListEx=06000000050000000300000004000000000000000200000001000000FFFFFFFF"
* Modifies value "MinPos1596x748x96(1).x=FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "MinPos1596x748x96(1).x=FFFF8300"
* Modifies value "MinPos1596x748x96(1).y=FFFFFFFF" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "MinPos1596x748x96(1).y=FFFF8300"
* Modifies value "WinPos1596x748x96(1).left=000000BB" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "WinPos1596x748x96(1).left=FFFFFFF3"
* Modifies value "WinPos1596x748x96(1).top=00000001" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "WinPos1596x748x96(1).top=00000115"
* Modifies value "WinPos1596x748x96(1).right=00000402" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "WinPos1596x748x96(1).right=0000033A"
* Modifies value "WinPos1596x748x96(1).bottom=0000028E" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "WinPos1596x748x96(1).bottom=000003A2"
* Empties value "WFlags" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
old value "WFlags=00000002"
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "explorer.exe=Windows Explorer" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows
binary data=570069006E0064006F007700730020004500780070006C006F007200650072000000
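
The registry entries above fall into two groups a triage analyst cares about: settings that weaken the host (Security Center overrides and notification suppression, EnableLUA and EnableFirewall cleared, DisableTaskMgr and DisableRegistryTools set, NukeOnDelete, WER DontShowUI) and the sample's own state under HKCU\software\Ajnqgf. The "binary data" lines are the raw REG_SZ bytes printed as hex of UTF-16LE text; the MuiCache entries decode to plain display names (the Sandboxie one most likely reflects the analysis host rather than the sample), while the large Ajnqgf value is double-encoded: the UTF-16 text is itself a hex string, and those bytes are a NUL-separated list whose first entry, after two leading bytes this report does not explain, is a URL. The script below is an added example, not code from the report or from the site that published it. It parses the report's own line format, flags the weakening settings against a watchlist whose effect descriptions are this example's wording, and decodes the binary data. The sample lines and the 288-digit prefix of the Ajnqgf blob are copied from the page; the function names, the watchlist, and the parsing rules are assumptions of this example. The -1438384582 value is also hex but does not decode to printable text, so it is left alone here.

```python
"""Triage helper for the registry section of a sandbox report in the format
used on this page. Added example: not part of the original report and not a
tool from the site that published it."""
import re

# Constructed sample: a subset of the "Changes to registry" lines above, with
# their "old value" and "binary data" continuation lines, copied verbatim.
SAMPLE_REPORT = r'''
* Creates value "AntiVirusOverride=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center
* Creates value "UacDisableNotify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Security Center\Svc
* Empties value "EnableLUA" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\policies\system
old value "EnableLUA=00000001"
* Empties value "EnableFirewall" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
old value "EnableFirewall=00000001"
* Creates value "DisableTaskMgr=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\policies\system
* Creates value "DisableRegistryTools=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\policies\system
* Creates value "ShellViewReentered=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Creates value "explorer.exe=Windows Explorer" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows
binary data=570069006E0064006F007700730020004500780070006C006F007200650072000000
'''

# First 288 hex digits of the binary data stored under
# HKCU\software\Ajnqgf\-317950876 in the report above, copied verbatim.
AJNQGF_PREFIX = (
    "3000440030003000" "3600380037003400" "3700340037003000" "3300410032004600"
    "3200460036003100" "3600320037003300" "3700350037003200" "3600340036003900"
    "3700330037003400" "3600310036004500" "3200450037003500" "3600450036003100"
    "3700330032004500" "3600330037004100" "3200460037003800" "3700330032004500"
    "3600410037003000" "3600370030003000"
)

# Watchlist (this example's own choice): key path fragment, value name, and
# what the host looks like once the report's change has been applied.
WATCHLIST = [
    (r"\security center", "antivirusoverride", "Security Center stops reporting the antivirus state"),
    (r"\security center", "antivirusdisablenotify", "antivirus warnings suppressed"),
    (r"\security center", "firewalloverride", "Security Center stops reporting the firewall state"),
    (r"\security center", "firewalldisablenotify", "firewall warnings suppressed"),
    (r"\security center", "updatesdisablenotify", "Windows Update warnings suppressed"),
    (r"\security center", "uacdisablenotify", "UAC warnings suppressed"),
    (r"\policies\system", "enablelua", "EnableLUA no longer 1: UAC weakened or off after the next reboot"),
    (r"\policies\system", "disabletaskmgr", "Task Manager blocked for this user"),
    (r"\policies\system", "disableregistrytools", "Registry Editor blocked for this user"),
    (r"\firewallpolicy\standardprofile", "enablefirewall", "Windows Firewall standard profile turned off"),
    (r"\firewallpolicy\standardprofile", "disablenotifications", "firewall block notifications suppressed"),
    (r"\explorer\bitbucket", "nukeondelete", "deleted files bypass the Recycle Bin"),
    (r"\windows error reporting", "dontshowui", "crash dialogs hidden"),
]

LINE_RE = re.compile(r'^\* (Creates|Modifies|Empties) value "([^"]*)" in key (.+)$')
BINARY_RE = re.compile(r"^binary data=([0-9A-Fa-f]+)$")


def decode_binary_data(hex_text):
    """The report prints string data as the hex of its UTF-16LE bytes."""
    return bytes.fromhex(hex_text).decode("utf-16-le").rstrip("\x00")


def unwrap_hex_list(text):
    """Second layer used by the Ajnqgf value: the decoded text is itself hex,
    and those bytes are a NUL-separated list. Returns None for non-hex text."""
    if len(text) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", text):
        return None
    inner = bytes.fromhex(text)
    return [part.decode("latin-1") for part in inner.split(b"\x00") if part]


def parse_registry_changes(report_text):
    """One dict per '* ... value "..." in key ...' line, with the 'old value'
    and 'binary data' continuation lines attached to the entry they follow."""
    entries = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            action, value, key = m.groups()
            name, _, data = value.partition("=")
            entries.append({"action": action, "name": name, "data": data, "key": key})
            continue
        if not entries:
            continue
        if line.startswith("old value"):
            entries[-1]["old"] = line[len("old value"):].strip().strip('"')
        b = BINARY_RE.match(line)
        if b:
            entries[-1]["decoded"] = decode_binary_data(b.group(1))
    return entries


def triage(report_text):
    """Return the parsed entries that hit the watchlist, with an 'effect' field."""
    findings = []
    for entry in parse_registry_changes(report_text):
        key_l, name_l = entry["key"].lower(), entry["name"].lower()
        for key_part, value_name, effect in WATCHLIST:
            if name_l == value_name and key_part in key_l:
                findings.append({**entry, "effect": effect})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['action']:8} {f['name']:22} {f['effect']}")
    print(unwrap_hex_list(decode_binary_data(AJNQGF_PREFIX)))
```

Running it on the full report is a matter of pasting the whole "Changes to registry" section into SAMPLE_REPORT; the watchlist is deliberately keyed on a path fragment rather than a full key so that the Security Center and Security Center\Svc copies of the same setting both match.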

Changes to filesystem:

* Modifies file C:\Windows\SYSTEM.INI
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_4d6e19152b12392d12eab687ab4dc607ee6363_cab_166254b4\Report.wer
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_explorer.exe_4d6e19152b12392d12eab687ab4dc607ee6363_cab_166254b4\WER45D6.tmp.mdmp

Network services:

* No changes

Process/window/string information:

* Gets computer name.
* Checks for debuggers.
* Creates process "null, "C:\Windows\explorer.exe" "C:", null".
* Injects code into process "C:\Windows\explorer.exe".
* Enumerates running processes.
* Sleeps 1444 seconds.

Additional Information:

How To Remove a1d1989ce3e59415e0a69194a3f1a280.exe

1. Download Sniper Antivirus.
2. Install it on your system.
3. Run a full scan of your computer, or scan the folder where a1d1989ce3e59415e0a69194a3f1a280.exe is located.
4. When the scan finishes you will see the message "scan is complete". Click OK to view the results.
5. Delete the threat from the results table.

Deleting the file does not undo the registry changes listed above. After removal, check that EnableLUA, EnableFirewall and the Security Center override and notification values are back to their defaults, and that DisableTaskMgr and DisableRegistryTools are gone from HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\policies\system.
