Trojan.Agent
Risk Level 1
 
File Size : 659968 KB
File Type : Portable Executable 32
File Name

sbgak.exe

MD5

b8495d32db28c9daf4581e716be19004

SHA1

56dfc914c02b40c67d1af31a8d585e8c65c3f0c1

SHA256

52b2cc0e0985772026766a7dd3395de0eec8ae4bfd9cf53d9c

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\New folder\Sample\b8495d32db28c9daf4581e716be19004.exe

Changes to registry :

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
old value empty
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "b8495d32db28c9daf4581e716be19004.exe=b8495d32db28c9daf4581e716be19004.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\New folder\Sample
binary data=620038003400390035006400330032006400620032003800630039006400610066003400350038003100650037003100360062006500310039003000300034002E006500780065000000

Changes to filesystem:

No changes

Network services:

* Queries DNS "safebrowsing.google.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "safebrowsing-cache.google.com".
* Queries DNS "www.virustotal.com".
* Queries DNS "ssl.google-analytics.com".
* Queries DNS "chart.googleapis.com".
* Queries DNS "clients2.google.com".
* Queries DNS "redirector.gvt1.com".
* Queries DNS "r3---sn-ci5gup-cvhz.gvt1.com".
* Downloads file from "google.com/".

Process/window/string information:

* Gets input locale identifiers.
* Checks for debuggers.
* Sleeps 30 seconds.

Additional Information:

How To Remove sbgak.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where sbgak.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
