Trojan.Win32.Generic
Risk Level 1
 
File Size: 2885632 KB
File Type: Portable Executable file
File Name: Ghost Security Suite.exe
MD5: 4d20881e559cfc0eb0eb8f9673a36500
SHA1: ddd54a45f260730cafe72fe5c8ce969ff67d1ed6
SHA256: a0220ee7bd7d13b70f84f7746d6622ce87a249c470e2cac7c4

General information:

* File name: C:\Users\vmware\Desktop\malware\Trats.exe

Changes to registry:

* No changes

Changes to filesystem:

* Modifies file C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
* Creates file C:\WINDOWS\system32\ikefghff.dll
* Creates file C:\WINDOWS\system32\sqzenptc.dll
* Creates file C:\WINDOWS\system32\wwknmphj.dll
* Creates file C:\WINDOWS\system32\xzrkdias.dll
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_wwk_6aad9a12a3d6a43592eb040aab72badd773fc81_cab_090cdfb7\Report.wer
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_wwk_6aad9a12a3d6a43592eb040aab72badd773fc81_cab_090cdfb7\WERD1A3.tmp.appcompat.txt
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_wwk_6aad9a12a3d6a43592eb040aab72badd773fc81_cab_090cdfb7\WERD2DC.tmp.WERInternalMetadata.xml
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_wwk_6aad9a12a3d6a43592eb040aab72badd773fc81_cab_090cdfb7\WERD34A.tmp.hdmp
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_wwk_6aad9a12a3d6a43592eb040aab72badd773fc81_cab_090cdfb7\WERDB66.tmp.mdmp
* Creates file C:\Users\vmware\AppData\Local\CrashDumps\rundll32.exe.2824.dmp
* Creates file C:\Users\vmware\AppData\Local\Temp\Trats.exe

Network services:

* No changes

Process/window/string information:

* Checks for debuggers.
* Creates an event named "E2354DDD7D8A4f99B765353352D3A00B".
* Creates process "null, rundll32.exe "C:\Windows\system32\wwknmphj.dll",G8E15CD1739054444A95E356DAC377FFC, null".
* Injects code into process "C:\Windows\System32\rundll32.exe".
* Creates a mutex "F485C91EFA4a0B6C9D7A48615EC0".
* Creates an event named "CD813ADC90A7A118CE870266".
* Creates process "null, C:\Users\vmware\AppData\Local\Temp\Trats.exe -minimize, null".
* Creates process "null, rundll32.exe "C:\Windows\system32\sqzenptc.dll",G8E15CD1739054444A95E356DAC377FFC, null".
* Enumerates running processes.
* Enables privilege SeDebugPrivilege.
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Creates a mutex "Local\WERReportingForProcess2824".
* Creates a mutex "Global\adab5431-2278-11e6-8c41-000c29164906".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.
* Contains string traces of the AutoStart registry key ("Software\Microsoft\Windows\CurrentVersion\Run").
* Sleeps 10 seconds.

Additional Information:

How To Remove Ghost Security Suite.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where Ghost Security Suite.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
