Trojan.Agent
Risk Level 1
 
File Size: 466944 KB
File Type: Portable Executable 32
File Name: hanter.exe
MD5: b12b54214269dfeac4d47df1a0c37d0d
SHA1: cf77a0e84ca1da6e9d356543e3aad02a51bd5ca1
SHA256: a103485b9ef3d6ddd91ecea9fe3df75365fb0d25e3c679f4eb (incomplete as listed: 50 of 64 hex digits)

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\New folder\Sample\b12b54214269dfeac4d47df1a0c37d0d.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963} (old value: empty)
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
  (binary data: 530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000)
* Creates value "b12b54214269dfeac4d47df1a0c37d0d.exe=Midrib3" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\New folder\Sample
  (binary data: 4D006900640072006900620033000000)

Note: the SandboxAutoExec key and the SandboxieRpcSs.exe MuiCache entry belong to the Sandboxie analysis environment, not to the sample, and should not be used as indicators of this threat.

Changes to filesystem:

* No changes

Network services:

* Queries DNS "www.virustotal.com".
* Queries DNS "ssl.google-analytics.com".
* Queries DNS "virustotalcloud.appspot.com".
* Downloads file from "google.com/".
* Downloads file from "dlg-configs.buzzrin.de /config-from-production".
* Downloads file from "dlg-messages.buzzrin.de /1/dg/3/error".
* Downloads file from "dlg-messages.buzzrin.de /1/dg/3".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/shareware-de-flow-5-text-en-us.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/last.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/yessearches-single-text-en-us.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/progress.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/base.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/pcspeedup-single-text-en-us.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/opera-single-text-en-us.zip".
* Downloads file from "az687722.vo.msecnd.net/public-source/downloadguide/shareware-de/1.0/default/campaigns/product+website/ui/my-pc-backup-single-text-en-us.zip".
* Downloads file from "www.shareware.de/images/software_icon_large/spintires-icon-546ac4be44d75.png".
* Downloads file from "crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl".
* Downloads file from "ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQDKfgk4eFlnv9iV6q4yK2qS".
* Downloads file from "d3j30ujq5cgnz5.cloudfront.net/main/cos_setup.exe".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q5t17hcl?uid=B3A57DB7115B1E428081695633F67282&update0=version,201606061059&update1=sys,Windows.7.Professional&update4=ref,cos&update5=mode,&update6=sys0,Windows&update7=sys1,7&update8=sys2,Professional&update9=sys3,&update10=sys4,".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/gzi4nvrb?uid=B3A57DB7115B1E428081695633F67282&update0=version,201606061059&update1=sys,Windows.7.Professional&update4=ref,cos&update5=mode,&update6=sys0,Windows&update7=sys1,7&update8=sys2,Professional&update9=sys3,&update10=sys4,".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q26tzhy6?uid=262929407_198339_B84975D2&update0=version,201606061059&update1=sys,Windows.7.Professional&update4=ref,cos&update5=mode,&update6=sys0,Windows&update7=sys1,7&update8=sys2,Professional&update9=sys3,&update10=sys4,".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/u2z5hyl2?uid=262929407_198339_B84975D2&update0=version,201606061059&update1=sys,Windows.7.Professional&update4=ref,cos&update5=mode,&update6=sys0,Windows&update7=sys1,7&update8=sys2,Professional&update9=sys3,&update10=sys4,".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q5t17hcl?uid=B3A57DB7115B1E428081695633F67282&a=visit.dl.winmain.prestart4.448fbbb8135cfae740b9d9d720815259.1".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q26tzhy6?uid=262929407_198339_B84975D2&a=visit.dl.winmain.prestart4.448fbbb8135cfae740b9d9d720815259.1".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q5t17hcl?uid=B3A57DB7115B1E428081695633F67282&a=visit.dl.winmain.start.010".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q26tzhy6?uid=262929407_198339_B84975D2&a=visit.dl.winmain.start.010".
* Downloads file from "d3pa4xcf10sh05.cloudfront.net /i4/22".
* Downloads file from "d1139uuzpj6eq0.cloudfront.net/r6/22_4c47b1a5000031b75208dcf163ffc9fd/1.n.7z".
* Downloads file from "yahoo.com/setting.doc".
* Downloads file from "www.yahoo.com/setting.doc".
* Downloads file from "crl.usertrust.com/AddTrustExternalCARoot.crl".
* Downloads file from "crl.microsoft.com/pki/crl/products/microsoftrootcert.crl".
* Downloads file from "crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl".
* Downloads file from "pki.google.com/GIAG2.crl".
* Downloads file from "crl.microsoft.com/pki/crl/products/WinPCA.crl".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q5t17hcl?uid=B3A57DB7115B1E428081695633F67282&a=visit.dl.winmain.prestart4.448fbbb8135cfae740b9d9d720815259.2".
* Downloads file from "d3d5rryrijbudj.cloudfront.net/q26tzhy6?uid=262929407_198339_B84975D2&a=visit.dl.winmain.prestart4.448fbbb8135cfae740b9d9d720815259.2".
* Uses POST methods in HTTP.

Process/window/string information:

* Gets system default language ID.
* Checks for debuggers.

Additional Information:

How To Remove hanter.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where hanter.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
