Trojan.Agent
Risk Level 1
 
File Size : 202752 KB
File Type : Portable Executable 32
File Name : b0ec5f5730df9e4b6d7e9865db44bc20.virus
MD5 : b0ec5f5730df9e4b6d7e9865db44bc20
SHA1 : c6e999b56186350b3bc8b435ea071667338c9e35
SHA256 : a6a0de39bcc577bdcd21dfbbeef848e32b9ffe66274e52d331 (truncated as published: only 50 of 64 hex digits are present, so it cannot be used for lookups)

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample\b0ec5f5730df9e4b6d7e9865db44bc20.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket (deleted files bypass the Recycle Bin instead of being recoverable from it)
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting (suppresses the Windows Error Reporting dialog when a process crashes)
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "Type=00000010" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\spsrv (SERVICE_WIN32_OWN_PROCESS)
* Creates value "Start=00000002" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\spsrv (SERVICE_AUTO_START: the service is started at boot, i.e. persistence)
* Creates value "ErrorControl=00000001" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\spsrv (SERVICE_ERROR_NORMAL)
* Creates value "DisplayName=Windows Protection" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\spsrv
  binary data (UTF-16LE, NUL-terminated)=570069006E0064006F00770073002000500072006F00740065006300740069006F006E000000
* Creates value "ImagePath=C:\Windows\system32\mmciles.exe -k" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\spsrv
  binary data (UTF-16LE, NUL-terminated)=43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D006D00630069006C00650073002E0065007800650020002D006B000000
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
  old value empty
* Creates value "chanhost=C:\Users\cognus\AppData\Roaming\clicview\consutil.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run (second persistence mechanism, per user, via the Run key)
  binary data (UTF-16LE, NUL-terminated)=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C0063006C006900630076006900650077005C0063006F006E0073007500740069006C002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
  binary data (UTF-16LE, NUL-terminated)=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "cmd.exe=Windows Command Processor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
  binary data (UTF-16LE, NUL-terminated)=570069006E0064006F0077007300200043006F006D006D0061006E0064002000500072006F0063006500730073006F0072000000

Note: the sample was run inside Sandboxie (see the C:\Sandbox\cognus\DefaultBox paths in the process section below). The SandboxAutoExec key and the Sandboxie MuiCache entry are most likely artifacts of that analysis environment rather than behaviour of the sample, and the cmd.exe MuiCache entry is the normal side effect of cmd.exe being launched; do not treat them as indicators.

Changes to filesystem:

* Creates file C:\Windows\system32\mmciles.exe
* Creates file C:\Users\cognus\AppData\Roaming\clicview\consutil.exe
* Modifies file (empty) C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample\b0ec5f5730df9e4b6d7e9865db44bc20.exe

Network services:

* Queries DNS "www.virustotal.com".
* Queries DNS "ssl.google-analytics.com".
* Downloads file from "google.com/".

Process/window/string information (each "Creates process" entry lists image path, command line, working directory; "null" means no separate command line was recorded):

* Gets volume information.
* Gets computer name.
* Checks for debuggers.
* Creates process "C:\Users\cognus\AppData\Roaming\clicview\consutil.exe, null, C:\Users\cognus\AppData\Roaming".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Roaming\clicview\consutil.exe".
* Enumerates running processes.
* Creates process "C:\Users\cognus\AppData\Local\Temp\~70CC.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~70CC.tmp".
* Creates an event named "6d25f688357048c1bfeecb6afc2344a9".
* Creates an event named "5bf1c81470a844aca3d3ed6f03315cf9".
* Creates process "C:\Users\cognus\AppData\Local\Temp\~73AA.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~73AA.tmp".
* Creates process "C:\Windows\system32\cmd.exe, /C 2782231.cmd, C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "C:\Users\cognus\AppData\Local\Temp\~75FC.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~75FC.tmp".
* Creates process "C:\Windows\system32\config\systemprofile\AppData\Local\Temp, null, C:\Windows\system32\config\systemprofile\AppData\Local\Temp\".
* Creates process "C:\Users\cognus\AppData\Local\Temp\~7909.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~7909.tmp".
* Creates process "C:\Users\cognus\AppData\Local\Temp\~7DBB.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~7DBB.tmp".
* Creates process "C:\Users\cognus\AppData\Local\Temp\~8145.tmp, null, C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\~8145.tmp".
* Creates process "C:\Windows\system32\attrib.exe, attrib -r -s -h "b0ec5f5730df9e4b6d7e9865db44bc20.exe", C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample".
* Injects code into process "C:\Windows\System32\attrib.exe".
* Sleeps 3 seconds.
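The following host-triage script is an added example and is not part of this report or of any vendor tool. It checks a Windows host for the indicators listed under "Changes to registry" and "Changes to filesystem" above: the spsrv service pointing at mmciles.exe, the per-user chanhost Run value and consutil.exe payload, and the NukeOnDelete / DontShowUI anti-forensics settings. It assumes an elevated PowerShell session, that "cognus" was only the sandbox user name (so every local profile is searched), and that the hex dumps in the report are UTF-16LE strings; the helper name Convert-ReportHexToString is my own.

```powershell
# Added host-triage example for the indicators in this report (not from the
# page or any vendor product). Run from an elevated PowerShell session.

function Convert-ReportHexToString {
    # The report prints REG_SZ data as a NUL-terminated UTF-16LE hex dump
    # (assumption based on the dumps above); decode it back to a string.
    param([Parameter(Mandatory)][string]$Hex)
    $bytes = [byte[]]::new($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16)
    }
    return [System.Text.Encoding]::Unicode.GetString($bytes).TrimEnd([char]0)
}

# Sanity check: the ImagePath dump copied from the report decodes to the
# value the report prints next to it.
$imagePathHex = '43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006D006D00630069006C00650073002E0065007800650020002D006B000000'
$expectedImagePath = 'C:\Windows\system32\mmciles.exe -k'
if ((Convert-ReportHexToString $imagePathHex) -ne $expectedImagePath) {
    throw 'Report hex dump does not match the printed ImagePath value'
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Service persistence: spsrv ("Windows Protection") -> mmciles.exe -k
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\spsrv'
if (Test-Path $svcKey) {
    $svc = Get-ItemProperty -Path $svcKey
    $findings.Add("Service key present: $svcKey ImagePath='$($svc.ImagePath)' Start=$($svc.Start) Type=$($svc.Type)")
}
$dropped = 'C:\Windows\System32\mmciles.exe'
if (Test-Path $dropped) {
    $hash = (Get-FileHash -Path $dropped -Algorithm SHA256).Hash
    $findings.Add("Dropped file present: $dropped SHA256=$hash")
}

# 2. Per-user Run-key persistence. HKCU only covers the current user, so walk
# every loaded user hive under HKEY_USERS (S-1-5-21-... SIDs are local/domain users).
foreach ($hive in (Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' })) {
    $runKey = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains 'chanhost')) {
        $findings.Add("Run value 'chanhost' under $($hive.PSChildName): $($run.chanhost)")
    }
}
# The payload lives under %APPDATA%\clicview for whichever user ran the sample.
foreach ($profile in (Get-ChildItem 'C:\Users' -Directory)) {
    $payload = Join-Path $profile.FullName 'AppData\Roaming\clicview\consutil.exe'
    if (Test-Path $payload) {
        $findings.Add("Dropped file present: $payload")
    }
}

# 3. Anti-forensics settings written by the sample: Recycle Bin bypass and
# suppressed crash dialogs.
$bitBucket = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket' -ErrorAction SilentlyContinue
if ($bitBucket -and $bitBucket.NukeOnDelete -eq 1) { $findings.Add('HKLM BitBucket NukeOnDelete=1') }
$wer = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting' -ErrorAction SilentlyContinue
if ($wer -and $wer.DontShowUI -eq 1) { $findings.Add('WER DontShowUI=1') }

if ($findings.Count -eq 0) {
    'No indicators from this report found on this host.'
} else {
    $findings | ForEach-Object { "HIT: $_" }
}
```

Any HIT line warrants isolating the host and collecting the service key, the Run value and both dropped files before removal; the NukeOnDelete and DontShowUI settings should be reverted as part of cleanup, since they are legitimate Windows settings that a scanner will not touch.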

Additional Information:

How To Remove b0ec5f5730df9e4b6d7e9865db44bc20.virus

1. Download Sniper Antivirus.
2. Install the .exe file on your system.
3. Run a full scan of your computer, or scan the folder where b0ec5f5730df9e4b6d7e9865db44bc20.virus is located.
4. Once the scan is finished, you will get the message "scan is complete". Click the OK button to see the results.
5. Delete the threat from the results table.

If removing manually, also delete the spsrv service, the chanhost Run value and the two dropped files (C:\Windows\system32\mmciles.exe and %APPDATA%\clicview\consutil.exe) listed above; otherwise the dropped components will be started again at the next boot or logon.
