Trojan.Win32.Generic
Risk Level 1
 
File Size : 5345280 KB
File Type : Portable Executable file
File Name : Saburex.exe
MD5 : 30b9117ad415a34548a57625f959c3eb
SHA1 : 3430bf9d985d0e980d1861b0912fee5e71db8374
SHA256 : 61c119de9fd4e26e893464287a9769796855688ecd730950f5

General information:

* File name: C:\Users\vmware\Desktop\malware\Virus.Win32.Saburex.exe

Changes to registry :

* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates value "ExceptionRecord=050000C00000000000000000FC1240000200000001000000000000003F0001000000000000000000000000000000000000000000000000007F02000000000000FFFF0000000000000000000000000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates value "StoreLocation=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\Debug
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "StoreLocation=C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832" in key HKEY_CURRENT_USER\software\Microsoft\Windows\Windows Error Reporting\Debug
binary data=43003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005700450052005C005200650070006F0072007400510075006500750065005C00410070007000430072006100730068005F00560069007200750073002E00570069006E00330032002E0053006100620075005F0061003700640033003700360061003600610063003700610039003200610033003300380031003200620039003800310034006600320032006600630037003600340037006400360031005F006300610062005F00300061006200630061003800330032000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832\Report.wer
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832\WER6807.tmp.appcompat.txt
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832\WER69EB.tmp.WERInternalMetadata.xml
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832\WER6AE6.tmp.hdmp
* Creates file C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Virus.Win32.Sabu_a7d376a6ac7a92a33812b9814f22fc7647d61_cab_0abca832\WERA586.tmp.mdmp
* Creates file C:\Users\vmware\AppData\Local\CrashDumps\Virus.Win32.Saburex.exe.3776.dmp

Network services:

no change

Process/window/string information:

* Checks for debuggers.
* Creates process "C:\Windows\system32\WerFault.exe, C:\Windows\system32\WerFault.exe -u -p 3776 -s 132, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\WerFault.exe".
* Enumerates running processes.
* Creates a mutex "Local\WERReportingForProcess3776".
* Enables privilege SeDebugPrivilege.
* Creates a mutex "Global\add4cd6a-2270-11e6-8c41-000c29164906".
* Enables privilege SeShutdownPrivilege.
* Enables process privileges.

Additional Information:

How To Remove Saburex.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where Saburex.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the results table.
