Trojan.Agent
Risk Level 1
 
File Size : 934400 KB
File Type : Portable Executable 32
File Name : lasahoya.exe
MD5 : ab586f3a738d9b1c6a28a5c6f955cdf0
SHA1 : 7de8b2479196a89fa519864ff1b3dcf19d8371a0
SHA256 : 1a640bc6ec4ddddeb4ee2998ed064a460de11c29809440c601

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample\ab586f3a738d9b1c6a28a5c6f955cdf0.exe

Changes to registry:

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
  old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
  binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* No changes

Network services:

* Queries DNS "www.google.co.in".
* Queries DNS "apis.google.com".
* Queries DNS "id.google.co.in".
* Queries DNS "ssl.gstatic.com".
* Queries DNS "www.google.com".
* Queries DNS "www.gstatic.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "safebrowsing.google.com".
* Queries DNS "safebrowsing-cache.google.com".

Process/window/string information:

* Checks for debuggers.
* Enumerates running processes.
* Creates an event named "Global\CorDBIPCSetupSyncEvent_1696".
* Enables privilege SeDebugPrivilege.
* Creates process "null, C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\Sample\ab586f3a738d9b1c6a28a5c6f955cdf0.exe, null".
* Enables process privileges.

Additional Information:

How To Remove lasahoya.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where lasahoya.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
