Trojan.Agent
Risk Level 1
 
File Size : 2428416 KB
File Type : Portable Executable file Win32 EXE
File Name : llop(1).exe
MD5 : 7c9151729d70fb90e2aeccd6b0be7cb9
SHA1 : ef65429d2a60dccda15c6b93eca57c5fde1c254e
SHA256 : 321fb4ecaed7378e3c8beeb652ed4d8ecc39d2d97095c3dcc5

General information:

* File name: C:\Users\Cognus\Desktop\report\injector dd\llop(1).exe.exe

Changes to registry:

* Creates value "llop(1).exe.exe=Contraband match" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Cognus\Desktop\report\injector dd
binary data=43006F006E00740072006100620061006E00640020006D0061007400630068000000
* Creates value "MSBuild.exe=20000000" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\Microsoft.NET\Framework\v2.0.50727

Changes to filesystem:

* Creates file C:\Users\Cognus\AppData\Roaming\FBBE3336-6481-4CB0-A39C-2D0664723C1F\run.dat
* Creates file C:\Users\Cognus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dll.sys.exe

Network services:

* Queries DNS "mrlarger2.ddns.net".
* Queries DNS "cms.quantserve.com".
* Queries DNS "clients4.google.com".

Process/window/string information:

* Gets input locale identifiers.
* Gets computer name.
* Checks for debuggers.
* Registers as clipboard viewer.
* Removes Zone.Identifier information.
* Creates process "\Windows\System32\calc.exe, null, null".
* Injects code into process "C:\Windows\System32\calc.exe".
* Enumerates running processes.
* Creates process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, "C:\Users\Cognus\Desktop\report\injector dd\llop(1).exe.exe" , null".
* Injects code into process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe".
* Creates an event named "Global\CorDBIPCSetupSyncEvent_3860".
* Creates a mutex "Global\{304d3df5-28c4-4a3a-86d5-dc78f1091828}".
* Creates a mutex "Global\.net clr networking".
* Enables privilege SeDebugPrivilege.
* Creates an event named "Global\CorDBIPCSetupSyncEvent_1860".
* Terminates process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe".

Additional Information:

How To Remove llop(1).exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where llop(1).exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
