PUP.Generic
Risk Level 1
 
File Size: 613184 KB
File Type: Portable Executable file, Win32 EXE
File Name: pdflite.exe
MD5: eb90eca5e4464585e0fe74086cd5629e
SHA1: 88c5431363a71be0658b3918ad9c84d26893f3fa
SHA256: 255a57f58f748a8c3498f13d50911958564135290f8e497283

General information:

* File name: C:\Users\Cognus\Desktop\report\9\pdflite.exe

Changes to registry:

* Creates value "LangID=0904" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
  binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "WMIC.exe=WMI Commandline Utility" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32\wbem
  binary data=57004D004900200043006F006D006D0061006E0064006C0069006E00650020005500740069006C006900740079000000

Changes to filesystem:

* Creates file C:\Users\Cognus\AppData\Local\Temp\81462968491.txt
* Creates file C:\Users\Cognus\AppData\Local\Temp\cbdcabfcefg.exe
* Creates file C:\Users\Cognus\AppData\Local\Temp\cbdcabfcefg.zip
* Creates file C:\Users\Cognus\AppData\Local\Temp\nsiE035.tmp\dmc.dll
* Creates file C:\Users\Cognus\AppData\Local\Temp\nsiE035.tmp\nsisunz.dll
* Creates file C:\Users\Cognus\AppData\Local\Temp\rc10.cbdcabfcefg

Network services:

* Queries DNS "crl.globalsign.net".
* Queries DNS "ocsp2.globalsign.com".
* Queries DNS "crl.globalsign.com".
* Queries DNS "6.dr-in.skype-cr.akadns.net".
* Queries DNS "2.dr-in.skype-cr.akadns.net".
* Queries DNS "mobile.pipe.aria.microsoft.com".
* Queries DNS "webres1.qheal.ctmail.com".
* Queries DNS "d.chango.com".
* Queries DNS "1.dr-in.skype-cr.akadns.net".
* Queries DNS "7.dr-in.skype-cr.akadns.net".
* Queries DNS "resolver3.qheal.ctmail.com".
* Queries DNS "resolver5.qheal.ctmail.com".
* Queries DNS "dis.criteo.com".
* Queries DNS "teredo.ipv6.microsoft.com".
* Queries DNS "data-cdn.mbamupdates.com".
* Downloads file from "www.adobe.com/support/loganalyzer".
* Downloads file from "www.adobe.com/favicon.ico".

Process/window/string information:

* Gets user name information.
* Gets computer name.
* Checks for debuggers.
* Creates process "null, C:\Users\Cognus\AppData\Local\Temp\cbdcabfcefg.exe 0-5-9-5-6-3-7-0-2-6-4 L0tAPzc0MTA3GitTUDlLQ0E2MB4pSkVPTkpMSEJEOyscLz9ATk5GPT0wMDM2LBcqPUY9PS4aK1BNRj9PQE1fRz45MjAwMDAdKFNDTFJFTVZQTEk2aHJubDoqJm5fb28ucmJhLVxnaydhWnRfKGVuYWYbKUBFSUFFRUQ4Fyo+LjYyLiosICo7LTcqKiAtPi89KCgbKUEtPSsrHC8/LDgnLhkvTkxLRFA6T1lNS0lUOz9ZOBcqSk9IRFM9UF9ATEc7OhkvTkxLRFA6T1lLOk1DN0xEQWNkbmIZL0NSQV9QSUc3ZW10bjQrL19mcmhpaGFiKGxkYWNkbmInY21nK3Nga3BqKmlkZGZldGAkKyguKi4uKCwuYG9gGiw+WENZP00/Q0RIQjYgLUJLU09WPUxMUFNDTDk1GyZPQj5HS1dJUV9QSUc3ZW10bjQrL21ca2, null".
* Injects code into process "C:\Sandbox\Cognus\DefaultBox\user\current\AppData\Local\Temp\cbdcabfcefg.exe".
* Creates process "null, wmic /output:C:\Users\Cognus\AppData\Local\Temp\81462968491.txt bios get serialnumber, null".
* Injects code into process "C:\Windows\System32\wbem\WMIC.exe".
* Enables privilege SeIncreaseQuotaPrivilege.
* Enables privilege SeSecurityPrivilege.
* Enables privilege SeTakeOwnershipPrivilege.
* Enables privilege SeSystemProfilePrivilege.
* Enables privilege SeProfileSingleProcessPrivilege.
* Enables process privileges.
* Sleeps 60 seconds.

Additional Information:

How To Remove pdflite.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where pdflite.exe is located.
4. Once the scan is finished, you will get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
