Backdoor.Agent
Risk Level 1
 
File Size : 799232 KB
File Type : Portable Executable file
File Name

a1d57e1f4b76602148fd5d69cd16d980

MD5

a1d57e1f4b76602148fd5d69cd16d980

SHA1

e65323aa02ddf2e066cec7b765cc742ef06e0912

SHA256

0c040f59b216d8f21d3af4c15db9b8141006725ba1abcca3c0

General information:

* File name: C:\Users\vmware\Desktop\malware\a1d57e1f4b76602148fd5d69cd16d980.exe

Changes to registry:

* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "Type=00000110" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GrayPigeon_Hacker.com.cn
* Creates value "Start=00000002" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GrayPigeon_Hacker.com.cn
* Creates value "DisplayName=GrayPigeon_Hacker.com.cn" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GrayPigeon_Hacker.com.cn
binary data=470072006100790050006900670065006F006E005F004800610063006B00650072002E0063006F006D002E0063006E000000
* Creates value "ImagePath=C:\Windows\Hacdddker.com.cn.exe" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GrayPigeon_Hacker.com.cn
binary data=43003A005C00570069006E0064006F00770073005C004800610063006400640064006B00650072002E0063006F006D002E0063006E002E006500780065000000

Changes to filesystem:

* Creates file (hidden) C:\Windows\Hacdddker.com.cn.exe
* Creates file C:\Users\vmware\AppData\Local\Temp\LLDFWF.TMP

Network services:

* Queries DNS "a5226406.3322.org".

Process/window/string information:

* Gets input locale identifiers.
* Checks for debuggers.
* Enables privilege SeDebugPrivilege.
* Opens a service named "GrayPigeon_Hacker.com.cn".
* Creates a service named "GrayPigeon_Hacker.com.cn".
* Starts a service.
* Creates process "null, C:\Program Files\Internet Explorer\IEXPLORE.EXE, null".
* Injects code into process "C:\Program Files\Internet Explorer\iexplore.exe".
* Enables process privileges.
* Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
* Sleeps 2 seconds.

Additional Information:

How To Remove a1d57e1f4b76602148fd5d69cd16d980

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where a1d57e1f4b76602148fd5d69cd16d980 is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
