Trojan.Agent
Risk Level 1
File Size : 51712 KB
File Type : Portable Executable 32
File Name : GTA.exe
MD5 : b6381dba0f21dafc6cbfb26bb5453ee4
SHA1 : f3a9aae42ab333f19eb387e2ecd52d9135351a0d
SHA256 : bcddfc76ca115eca7000be8304c3b51b01f91e38c10172eecb

General information:

* File name: C:\Users\cog\Desktop\Analyzed Viruses\Trojan.Generic\sample\b6381dba0f21dafc6cbfb26bb5453ee4.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{beddbb13-098b-11e6-a955-806e6f6e6963} (old value: empty)
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{beddbb14-098b-11e6-a955-806e6f6e6963} (old value: empty)
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "LangID=0904" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* Creates file C:\Users\cog\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_b6381dba0f21dafc_b87063b8fd304ccbc19f4814f2eef6abec85ebec_cab_0f100ee8\Report.wer
* Creates file C:\Users\cog\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_b6381dba0f21dafc_b87063b8fd304ccbc19f4814f2eef6abec85ebec_cab_0f100ee8\WER82F.tmp.mdmp
* Creates file C:\Users\cog\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_b6381dba0f21dafc_b87063b8fd304ccbc19f4814f2eef6abec85ebec_cab_0f100ee8\WERB783.tmp.WERInternalMetadata.xml
* Creates file C:\Users\cog\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_b6381dba0f21dafc_b87063b8fd304ccbc19f4814f2eef6abec85ebec_cab_0f100ee8\WERB811.tmp.hdmp

Network services:

* Queries DNS "en-us.appex-rf.msn.com".

Process/window/string information:

* Checks for debuggers.
* Creates an event named "Global\CorDBIPCSetupSyncEvent_3576".
* Creates process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\\dw20.exe, dw20.exe -x -s 460, null".
* Injects code into process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe".
* Enumerates running processes.
* Creates a mutex "Global\8bedfbe0-1ede-11e6-b3eb-080027767f0e".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.

Additional Information:

How To Remove GTA.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where GTA.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to see the results.
5. Then delete the threat from the table.
