Generic Worm
Risk Level 1
 
File Size : 5490148 KB
File Type : Portable Executable file
File Name

f10c5355779ad06f35b72b47031600ae.exe

MD5

f10c5355779ad06f35b72b47031600ae

SHA1

416e71988dbb87249830b861211faaf7f670bf86

SHA256

a8357afe8ea223bf99ee39ac5082fd731a0727beff56e3214c

General information:

* File name: C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe

Changes to registry:

* Creates value "r=31000000" in key HKEY_LOCAL_MACHINE\software\19659239224e364682fa4baf72c53ea4
* Creates value "Blob=[binary data elided]" in key HKEY_LOCAL_MACHINE\software\microsoft\SystemCertificates\ROOT\Certificates\CE1A3553BA6155DA5160097B4B1EA1FF4CBA7195
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "LocalHost32=C:\Windows\system32\lpasrv.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C006C00700061007300720076002E006500780065000000
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "Boot Bus Extender=07000000070000000100000002000000040000000500000006000000EE030000" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\GroupOrderList
old value "Boot Bus Extender=06000000010000000200000003000000040000000500000006000000"
* Creates value "PendingFileRenameOperations=\??\C:\Users\vmware\AppData\Local\Temp\nsiC286.tmp\Lang\\??\C:\Users\vmware\AppData\Local\Temp\nsiC286.tmp\" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
binary data=5C003F003F005C0043003A005C00550073006500720073005C0076006D0077006100720065005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C006E007300690043003200380036002E0074006D0070005C004C0061006E0067005C00000000005C003F003F005C0043003A005C00550073006500720073005C0076006D0077006100720065005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C006E007300690043003200380036002E0074006D0070005C00000000000000
* Creates value "EventMessageFile=%SystemRoot%\System32\IoLogMsg.dll" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System\sptd
binary data=2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0049006F004C006F0067004D00730067002E0064006C006C000000
* Creates value "TypesSupported=00000007" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System\sptd
* Creates value "Type=00000001" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd
* Creates value "ErrorControl=00000001" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd
* Creates value "ImagePath=\SystemRoot\System32\Drivers\sptd.sys" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd
binary data=5C00530079007300740065006D0052006F006F0074005C00530079007300740065006D00330032005C0044007200690076006500720073005C0073007000740064002E007300790073000000
* Creates value "Tag=00000007" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd
* Creates value "s1=2DF9C43F" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd\Cfg
* Creates value "s2=110480D0" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd\Cfg
* Creates value "g0=3823E8D0BFF22D6F5B5818FC569B0D5E25C69D3F46BA02A3DF6758CD23E131B6" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd\Cfg
* Creates Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptd\r0
* Modifies value "SppCreate (Enter)=40000000000000003FB8220773B6D101C8050000AC090000D0070000000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VSS\Diag\SPP
old value "SppCreate (Enter)=400000000000000026C93E1326B0D10120060000A4050000D0070000000000000000000000000000000000000000000000000000000000000000000000000000"
* Modifies value "SppCreate (Leave)=4000000000000000A32F4B0773B6D101C8050000AC090000D0070000010000000000000002230480000000000000000000000000000000000000000000000000" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VSS\Diag\SPP
old value "SppCreate (Leave)=4000000000000000330F0B1826B0D10120060000A4050000D0070000010000000000000000000000000000000000000000000000000000000000000000000000"
* Modifies value "SrCreateRp (Enter)=4000000000000000DE56200773B6D101C8050000AC090000D5070000000000000000000000000000000000000000000000000000000000000000000000000000" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VSS\Diag\SystemRestore
old value "SrCreateRp (Enter)=400000000000000026C93E1326B0D10120060000A4050000D5070000000000000000000000000000000000000000000000000000000000000000000000000000"
* Modifies value "SrCreateRp (Leave)=4000000000000000A32F4B0773B6D101C8050000AC090000D5070000010000000000000002230480000000000000000000000000000000000000000000000000" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VSS\Diag\SystemRestore
old value "SrCreateRp (Leave)=400000000000000094700D1826B0D10120060000A4050000D5070000010000000000000000000000000000000000000000000000000000000000000000000000"

Changes to filesystem:

* Creates file C:\Windows\system32\Drivers\sptd.sys
* Creates file C:\Windows\system32\lpasrv.exe
* Creates file C:\Users\vmware\AppData\Local\Temp\nsiC286.tmp\Lang\ENU.dll
* Creates file C:\Users\vmware\AppData\Local\Temp\nsiC286.tmp\setuphlp.dll
* Creates file C:\Users\vmware\AppData\Roaming\DAEMON Tools\daemontools.ini
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.tmp

Network services:

no change

Process/window/string information:

* Keylogger functionality.
* Gets system default language ID.
* Gets input locale identifiers.
* Gets volume information.
* Checks for debuggers.
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.tmp".
* Creates process "null, "C:\Users\vmware\AppData\Local\Temp\nsiC286.tmp\SPTDinst-x86.exe" add /q, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\AppData\Local\Temp\nsiC286.tmp\SPTDinst-x86.exe".
* Creates a service named "sptd".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.
* Ends Windows session.
* Contains string Traces of AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run")
* Contains string Detected Anti-Malware Analyzer routine: Norman Sandbox detection ("CurrentUser")
* Sleeps 60 seconds.

Additional Information:

How To Remove f10c5355779ad06f35b72b47031600ae.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where f10c5355779ad06f35b72b47031600ae.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
