Trojan.Agent
Risk Level 1
 
File Size : 51712 KB
File Type : Portable Executable 32
File Name : GTA.exe
MD5 : ab400a98ec5fde491ff1e90f10b9d281
SHA1 : 833d1bbb5eeffa972e969d313a7768bc1af9f5de
SHA256 : ec209f2952b564494f06c072bc992713cf9f98d54c88c0bfcc

General information:

* File name: C:\Users\cog\Desktop\Analyzed Viruses\Backdoor.Generic\Sample\ab400a98ec5fde491ff1e90f10b9d281.exe

Changes to registry:

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{beddbb13-098b-11e6-a955-806e6f6e6963}
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{beddbb14-098b-11e6-a955-806e6f6e6963}
old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "LangID=0904" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "ab400a98ec5fde491ff1e90f10b9d281.exe=ab400a98ec5fde491ff1e90f10b9d281.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\cog\Desktop\Analyzed Viruses\Backdoor.Generic\Sample
binary data=610062003400300030006100390038006500630035006600640065003400390031006600660031006500390030006600310030006200390064003200380031002E006500780065000000
* Creates value "cmd.exe=Windows Command Processor" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\system32
binary data=570069006E0064006F0077007300200043006F006D006D0061006E0064002000500072006F0063006500730073006F0072000000
* Creates value "shutdown.exe=Windows Shutdown and Annotation Tool" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=570069006E0064006F00770073002000530068007500740064006F0077006E00200061006E006400200041006E006E006F0074006100740069006F006E00200054006F006F006C000000

Changes to filesystem:

No changes

Network services:

No changes

Process/window/string information:

* Gets system default language ID.
* Checks for debuggers.
* Creates process "null, "C:\Users\cog\AppData\Local\Temp\C152.tmp\test.bat" "C:\Users\cog\Desktop\Analyzed Viruses\Backdoor.Generic\Sample\ab400a98ec5fde491ff1e90f10b9d281.exe", C:\Users\cog\Desktop\Analyzed Viruses\Backdoor.Generic\Sample\".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "C:\Windows\system32\shutdown.exe, shutdown -s -t 4 -c :D, C:\Users\cog\Desktop\Analyzed Viruses\Backdoor.Generic\Sample".
* Injects code into process "C:\Windows\System32\shutdown.exe".
* Enables privilege SeShutdownPrivilege.
* Enables privilege SeRemoteShutdownPrivilege.
* Enables process privileges.
* Sleeps 7 seconds.

Additional Information:

How To Remove GTA.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where GTA.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to see the results.
5. Then delete the threat from the table.
