SuspMal.gen
Risk Level 1
 
File Size : 22016 KB
File Type : Portable Executable 32
File Name : Missed-message.exe
MD5 : 7b6b62f144c0e1e00121ef75149003af
SHA1 : bcb2e9c66e38316788365d0a0a90579f0e9b5cbd
SHA256 : e6a5516262bf56cbf53ab9ce64541de4efd09298e20fb6e576

General information:

* File name: C:\Users\cognus\Desktop\cutwail_Samples\e6a5516262bf56cbf53ab9ce64541de4efd09298e20fb6e576b62b5a48baba1f.exe

Changes to registry :

* Modifies value "SavedLegacySettings=..." in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings=4600000016000000090000000000000000000000000000000400000000000000A0C3328AC1A9D101000000000000000000000000020000001700000000000000FE80000000000000C87CCB522245EA720B0000001C00000000000000000000000000000000200000002000000010000001000000ED0300000906020008000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFFC0B0EAF9D426D011BBBF00AA006C34E402000000C0A887820000000000000000606E2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* Creates file C:\Users\cognus\AppData\Local\Temp\budha.exe
* Modifies file (empty) C:\Users\cognus\Desktop\cutwail_Samples\e6a5516262bf56cbf53ab9ce64541de4efd09298e20fb6e576b62b5a48baba1f.exe

Network services:

* Queries DNS "findforensicnursing.com".
* Queries DNS "jojik-international.com".
* Queries DNS "incoming.telemetry.mozilla.org".
* Queries DNS "pipeline-tee-p-elb-1rmutea6wo4sp-880153968.us-west-2.elb.amazonaws.com".

Process/window/string information:

* Gets user name information.
* Checks for debuggers.
* Opens a service named "AudioSrv".
* Creates a mutex "Local\MidiMapper_modLongMessage_RefCnt".
* Creates process "C:\Users\cognus\AppData\Local\Temp\budha.exe, "C:\Users\cognus\AppData\Local\Temp\budha.exe" , C:\Users\cognus\AppData\Local\Temp\".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Local\Temp\budha.exe".
* Enables privilege SeAuditPrivilege.
* Opens a service named "Sens".
* Opens a service named "rasman".
* Enables process privileges.

Additional Information:

How To Remove Missed-message.exe

1. Download free antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where Missed-message.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
