PUP.Generic
Risk Level 1
 
File Size : 2979328 KB
File Type : Portable Executable file
File Name

ProRat.exe

MD5

61d3686ebf0a26bd83c5234d28667aae

SHA1

fe8af6a53190c46707d1be18c975dc85fd37a05e

SHA256

eeb928f306c170e1fa4d80a4d914f7401c83a62063a35c4a1d

General information:

* File name: C:\Users\vmware\Desktop\report\128\ProRat.exe

Changes to registry:

* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d830145d-1c80-11e6-b8aa-806e6f6e6963}
old value empty
* Creates value "skin=30000000" in key HKEY_CURRENT_USER\software\P�O Group\ProMessenger
* Creates value "Genel_Sifre=123456" in key HKEY_CURRENT_USER\software\P�O Group\ProRat V1.9
binary data=3100320033003400350036000000
* Creates value "Son_Ip=127.0.0.1" in key HKEY_CURRENT_USER\software\P�O Group\ProRat V1.9
binary data=3100320037002E0030002E0030002E0031000000
* Creates value "Son_Port=5110" in key HKEY_CURRENT_USER\software\P�O Group\ProRat V1.9
binary data=35003100310030000000
* Creates value "skin=30000000" in key HKEY_CURRENT_USER\software\P�O Group\ProRat V1.9
* Creates value "LanguageId=30000000" in key HKEY_CURRENT_USER\software\P�O Group\ProRat V1.9
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "ProRat.exe.exe=ProHack.Net Remote Administrator Tool" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\malware
binary data=500072006F004800610063006B002E004E00650074002000520065006D006F00740065002000410064006D0069006E006900730074007200610074006F007200200054006F006F006C000000
* Creates value "ProConnective.exe=ProHack.Net Reverse Connective Tool" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
binary data=500072006F004800610063006B002E004E006500740020005200650076006500720073006500200043006F006E006E00650063007400690076006500200054006F006F006C000000
* Creates value "ProRat.exe.exe=ProHack.Net Remote Administrator Tool" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\report\128
binary data=500072006F004800610063006B002E004E00650074002000520065006D006F00740065002000410064006D0069006E006900730074007200610074006F007200200054006F006F006C000000

Changes to filesystem:

* Creates file C:\Users\vmware\Desktop\malware\ProConnective.exe
* Creates file C:\Users\vmware\Desktop\report\128\language\English.ini

Network services:

Process/window/string information:

* Gets user name information.
* Gets input locale identifiers.
* Checks for debuggers.
* Enumerates running processes.

Additional Information:

How To Remove ProRat.exe

1. Download free antivirus software for PC.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where ProRat.exe is located.
4. Once the scan is finished, you'll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
