Trojan.Agent
Risk Level 1
 
File Size : 1993205 KB
File Type : 41
File Name

Clientmanager.exe

MD5

3f0b33e372a7fd56eeed16f0accd6905

SHA1

bf97a67c3b1360e6abb6ad56c59087c814110fa3

SHA256

658e01663e946016ff8061deaa876a34f1160e351e2b051c91

General information:

Clientmanager.exe

Changes to registry :

* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "Clientmanager.exe=Clientmanager.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\AppData\Roaming
binary data=43006C00690065006E0074006D0061006E0061006700650072002E006500780065000000

Changes to filesystem:

* Creates file C:\Users\vmware\AppData\Roaming\Clientmanager.exe
* Creates file (empty) C:\Users\vmware\AppData\Roaming\Monitor\Guard\1
* Creates file (hidden) C:\Users\vmware\AppData\Roaming\MPCQdICgZaieFadU.exe
* Creates file (empty) C:\Users\vmware\Desktop\malware\3f0b33e372a7fd56eeed16f0accd6905.exe

Network services:

* Queries DNS "csstore.truedns.xyz".

Process/window/string information:

* Gets input locale identifiers.
* Gets computer name.
* Decrypts data.
* Checks for debuggers.
* Installs a hook procedure that monitors keystroke messages.
* Modifies access control lists (ACLs) of files.
* Creates process "null, C:\Users\vmware\AppData\Roaming\Clientmanager.exe /m"C:\Users\vmware\Desktop\malware\3f0b33e372a7fd56eeed16f0accd6905.exe", C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\AppData\Roaming\Clientmanager.exe".
* Creates process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe, , null".
* Injects code into process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe".
* Enumerates running processes.
* Creates an event named "Global\CorDBIPCSetupSyncEvent_2304".
* Creates a mutex "Global\ 2313ab22909e9995d82371fe61705232a8649c03c3d2ea49a19ae95598c1a83f".
* Creates a mutex "Global\.net clr networking".
* Sleeps 68856 seconds.

Additional Information:

How To Remove Clientmanager.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where Clientmanager.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
