Worm.Generic
Risk Level 1
 
File Size: 113110 KB
File Type: Portable Executable file
File Name: a1d45b4e55443962b9e119d7c47563e0
MD5: a1d45b4e55443962b9e119d7c47563e0
SHA1: abd5bd413e2a94066f213533a5e64503de804954
SHA256: 097dec29ecbd88c948e4518bbed73fea6ba6a4a19d21efeecd

General information:

* File name: C:\Users\vmware\Desktop\malware\a1d45b4e55443962b9e119d7c47563e0.exe

Changes to registry:

* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Modifies value "ExceptionRecord=050000C00000000000000000000000000200000000000000000000003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000000000000000000000000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
  (old value "ExceptionRecord=050000C000000000000000002F12F1000200000000000000000000003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000E991F2000000000048734000")
* Creates value "StoreLocation=C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps

Changes to filesystem:

* Creates file C:\Users\vmware\AppData\Local\CrashDumps\a1d45b4e55443962b9e119d7c47563e0.exe.3392.dmp
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020\Report.wer
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020\WER8854.tmp.appcompat.txt
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020\WER89EA.tmp.WERInternalMetadata.xml
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020\WER8A97.tmp.hdmp
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_a1d45b4e55443962_268ccaacef8d1d64878116851a1b7c36f05e35_cab_0a1f9020\WER8E30.tmp.mdmp

Network services:

no change

Process/window/string information:

* Checks for debuggers.
* Creates process "C:\Windows\system32\WerFault.exe, C:\Windows\system32\WerFault.exe -u -p 3392 -s 104, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Enumerates running processes.
* Creates a mutex "Local\WERReportingForProcess3392".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\8db4a51b-2245-11e6-b3fb-000c29f0d582".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.

Additional Information:

How To Remove a1d45b4e55443962b9e119d7c47563e0

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where a1d45b4e55443962b9e119d7c47563e0 is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to see the results.
5. Then delete the threat from the table.
