Generic Worm
Risk Level 1
 
File Size : 2297344 KB
File Type : Portable Executable file
File Name : Lamer.exe
MD5 : 04d1efe70bb12db8a3b73b241c2c5e7f
SHA1 : fcf7ccd9eb40a4126432cc7fd6e46905b1295ca8
SHA256 : 6f6fd0c67b6ead338982d9d02c628bd1d3c679ae94ebbea067

General information:

* File name: C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates value "ExceptionRecord=050000C00000000000000000A38E4000020000000100000042FC25003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000000000000000000000000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates value "StoreLocation=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "StoreLocation=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb" in key HKEY_CURRENT_USER\software\Microsoft\Windows\Windows Error Reporting\Debug
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
* Creates value "Virus.Win32.Lamer.exe.tmp=Virus.Win32.Lamer.exe.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
* Creates value "Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp=Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware

Changes to filesystem:

* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb\Report.wer
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb\WER4D64.tmp.appcompat.txt
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb\WER559F.tmp.WERInternalMetadata.xml
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb\WER6337.tmp.hdmp
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Lame_5a577add2cc6ee983eb8ae357a9f92e0680dc_cab_0c52e5eb\WERC2A6.tmp.mdmp
* Creates file C:\Users\vmware\AppData\Local\CrashDumps\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.2356.dmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\2TDTZZX1J.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\4AVKSLB7JZ3.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\6YDBOC42.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\BUFNNN.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\CDSC6.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\DBRLBR1GMUM.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\G1C5P9NW6.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\IIKWQIX4C9KS.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\NQE86S.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\QX7IVIVP3.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\RXEE38Z.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\V49BX5NXN91.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\W48PUUE75.tmp
* Creates file (empty) C:\Users\vmware\Desktop\malware\Y13WZH1ST8I.tmp

Network services:

* Queries DNS "www.lmok123.com".
* Queries DNS "easycf.51.net".
* C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe Connects to "209.99.40.223" on port 80 (TCP - HTTP).
* C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp Connects to "118.144.82.146" on port 80 (TCP - HTTP).
* C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp Connects to "58.49.58.20" on port 80 (TCP - HTTP).
* C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp Connects to "209.99.40.222" on port 80 (TCP - HTTP).
* Downloads file from "www.lmok123.com/kills.txt".
* Downloads file from "easycf.51.net/kills.txt".
* Downloads file from "58.49.58.20/kills.txt".

Process/window/string information:

* Keylogger functionality.
* Checks for debuggers.
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp, null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Lamer.exe.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp.tmp".
* Creates process "C:\Windows\system32\WerFault.exe, C:\Windows\system32\WerFault.exe -u -p 2356 -s 188, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Enumerates running processes.
* Creates a mutex "Local\WERReportingForProcess2356".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\237fbb62-2264-11e6-8c41-000c29164906".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.
* Contains string Checked for AVG security software presence ("AVGW")
* Sleeps 2214 seconds.

Additional Information:

How To Remove Lamer.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where Lamer.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
