Worm.Generic
Risk Level 1
 
File Size : 339968 KB
File Type : Portable Executable 32
File Name : peter02.exe
MD5 : b46c0a92f4c42c54cb39d487f8a8b740
SHA1 : 174b9cf40bd635629aa440332e9c99388ccf5973
SHA256 : c79c54d1409f2bdff6b16f3fb9a9b11433f13589fd29e712f8

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b46c0a92f4c42c54cb39d487f8a8b740.exe

Changes to registry:

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963} (old value: empty)
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "HWID=7B43363835354243312D453643452D344432322D413934392D4537463044333739363334307D" in key HKEY_CURRENT_USER\software\WinRAR
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "b46c0a92f4c42c54cb39d487f8a8b740.exe=Czarish0" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder
binary data=43007A006100720069007300680030000000

Changes to filesystem:

* Modifies file (empty) C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b46c0a92f4c42c54cb39d487f8a8b740.exe

Network services:

* Queries DNS "kbfvzoboss.bid".
* Queries DNS "xdnmkypeter02.win".
* Queries DNS "www.virustotal.com".
* Queries DNS "ssl.google-analytics.com".
* Queries DNS "stats.g.doubleclick.net".
* Queries DNS "virustotalcloud.appspot.com".
* Queries DNS "www.msftncsi.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "kkhandrnrxsvj.localdomain".
* Queries DNS "pnlqonogb.localdomain".
* Queries DNS "kqgazsiuauiqk.localdomain".
* Queries DNS "www.google.com".
* Queries DNS "dns.msftncsi.com".
* C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b46c0a92f4c42c54cb39d487f8a8b740.exe Connects to "198.105.221.6" on port 80 (TCP - HTTP).
* Downloads file from "kbfvzoboss.bid /alpha/gate.php".
* Uses POST methods in HTTP.

Process/window/string information:

* Gets user name information.
* Gets system default language ID.
* Gets input locale identifiers.
* Gets volume information.
* Checks for debuggers.
* Enables privilege SeImpersonatePrivilege.
* Enables privilege SeTcbPrivilege.
* Enables privilege SeChangeNotifyPrivilege.
* Enables privilege SeCreateTokenPrivilege.
* Enables privilege SeBackupPrivilege.
* Enables privilege SeRestorePrivilege.
* Enables privilege SeIncreaseQuotaPrivilege.
* Enables privilege SeAssignPrimaryTokenPrivilege.
* Creates a mutex "Local\!IETld!Mutex".
* Creates process "null, "C:\Users\cognus\AppData\Local\Temp\5472234.bat" "C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b46c0a92f4c42c54cb39d487f8a8b740.exe" , C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "null, "C:\Users\cognus\AppData\Local\Temp\5472483.bat" "C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b46c0a92f4c42c54cb39d487f8a8b740.exe" , C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder".
* Enables process privileges.
* Sleeps 102 seconds.

Additional Information:

How To Remove peter02.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where peter02.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
