Trojan.Win32.Generic
Risk Level 1
File Size: 960440 KB
File Type: Portable Executable file
File Name: Downloader.exe

MD5: ae4a40c3383e9e27823ba4ee5fab36de

SHA1: ff125d49b34ec818844187d250ced4473a7c1df4

SHA256: cd7c6fb0e500e22f2f01f04cca8b922225239de757d6049b7d

General information:

* File name: C:\Users\vmware\Desktop\malware\Downloader.exe

Changes to registry:

* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates value "ExceptionRecord=050000C00000000000000000000000000200000000000000000000003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000000000000000000000000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates value "StoreLocation=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps

Changes to filesystem:

* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4\Report.wer
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4\WERF3D5.tmp.appcompat.txt
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4\WERF4FE.tmp.WERInternalMetadata.xml
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4\WERF5BA.tmp.hdmp
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Downloader.exe_8d89a97e94e3e115513353bb761b974cd46e88e0_cab_0f9ffda4\WERFB37.tmp.mdmp
* Creates file C:\Users\vmware\AppData\Local\CrashDumps\Downloader.exe.2692.dmp

Network services:

no change

Process/window/string information:

* Checks for debuggers.
* Creates process "C:\Windows\system32\WerFault.exe, C:\Windows\system32\WerFault.exe -u -p 2692 -s 128, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Enumerates running processes.
* Creates a mutex "Local\WERReportingForProcess2692".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\676f6385-2327-11e6-95ac-000c29164906".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.

Additional Information:

How To Remove Downloader.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where Downloader.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
