Trojan.Agent
Risk Level 1
 
File Size : 317382 KB
File Type : Portable Executable file
File Name : msnmsgr.exe
MD5 : 9d5e79aa8a713194dddd185126b401d0
SHA1 : 94eac0337b6af9b933a370f66c97551ecd0d519f
SHA256 : f04507d093153bbdd9ee85f795954e9fc27e947884de52e618

General information:

* File name: C:\Users\vmware\Desktop\malware\9d5e79aa8a713194dddd185126b401d0.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "msnmsg32.exe=C:\Users\Public\J-93219-1923-12901\msnmsg32.exe:*:Enabled:Mobile Device Service" in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Public\J-93219-1923-12901
binary data=43003A005C00550073006500720073005C005000750062006C00690063005C004A002D00390033003200310039002D0031003900320033002D00310032003900300031005C006D0073006E006D0073006700330032002E006500780065003A002A003A0045006E00610062006C00650064003A004D006F00620069006C0065002000440065007600690063006500200053006500720076006900630065000000
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "Mobile Device Service=C:\Users\Public\J-93219-1923-12901\msnmsg32.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00550073006500720073005C005000750062006C00690063005C004A002D00390033003200310039002D0031003900320033002D00310032003900300031005C006D0073006E006D0073006700330032002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* Creates hidden folder C:\Users\Public\J-93219-1923-12901
* Creates file (hidden) C:\Users\Public\J-93219-1923-12901\msnmsg32.exe

Network services:

* Queries DNS "team.radiozeri.de".

Process/window/string information:

* Gets user name information.
* Gets computer name.
* Checks for debuggers.
* Creates process "null, "C:\Users\vmware\Desktop\malware\9d5e79aa8a713194dddd185126b401d0.exe" , null".
* Opens a service named "Csc".
* Opens a service named "CscService".
* Creates a mutex "{C20CD437-BA6D-4ebb-B190-70B43DE3B0F3}".
* Creates a mutex "_SHuassist.mtx".
* Creates process "C:\Users\Public\J-93219-1923-12901\msnmsg32.exe, "C:\Users\Public\J-93219-1923-12901\msnmsg32.exe" , C:\Users\vmware\Desktop\malware".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\public\J-93219-1923-12901\msnmsg32.exe".
* Creates process "null, "C:\Users\Public\J-93219-1923-12901\msnmsg32.exe" , null".
* Sleeps 166602 seconds.

Additional Information:

How To Remove msnmsgr.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or scan the folder where msnmsgr.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
