PUP.Generic
Risk Level 1
 
File Size : 430944 KB
File Type : Portable Executable file Win32 EXE
File Name : setup.exe
MD5 : 34efb9fde21d28e9dbe9a75845c82fc3
SHA1 : fcfcef4cae36a89c45a26d56e171eac4049217a6
SHA256 : ad9286aee070e17f27fbdb211028f0590bebe13a9cca2737fc

General information:

* File name: C:\Users\Cognus\Desktop\report\7\setup.exe

Changes to registry :

* Creates value "ns1D26.tmp=ns1D26.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\Cognus\DefaultBox\user\current\AppData\Local\Temp\nsf1CD7.tmp
binary data=6E00730031004400320036002E0074006D0070000000
* Creates value "WMIC.exe=WMI Commandline Utility" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32\wbem
binary data=57004D004900200043006F006D006D0061006E0064006C0069006E00650020005500740069006C006900740079000000
* Creates value "ns374B.tmp=ns374B.tmp" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\Cognus\DefaultBox\user\current\AppData\Local\Temp\nsf1CD7.tmp
binary data=6E00730033003700340042002E0074006D0070000000

Changes to filesystem:

* Creates file C:\Users\Cognus\AppData\Local\Temp\nsf1CD7.tmp\ns374B.tmp
* Creates file C:\Users\Cognus\AppData\Local\Temp\nsf1CD7.tmp\nsExec.dll

Network services:

* Queries DNS "resolver3.qheal.ctmail.com".
* Queries DNS "webres3.qheal.ctmail.com".
* Queries DNS "resolver1.qheal.ctmail.com".
* Queries DNS "pagead2.googlesyndication.com".
* Queries DNS "webres1.qheal.ctmail.com".
* Queries DNS "webres4.qheal.ctmail.com".
* Queries DNS "webres2.qheal.ctmail.com".
* Queries DNS "resolver2.qheal.ctmail.com".
* Queries DNS "resolver4.qheal.ctmail.com".
* Queries DNS "resolver5.qheal.ctmail.com".
* Queries DNS "webres5.qheal.ctmail.com".
* Queries DNS "s2.symcb.com".
* Queries DNS "s1.symcb.com".
* Queries DNS "sv.symcd.com".
* Queries DNS "sv.symcb.com".
* Downloads file from "www.adobe.com/support/loganalyzer".
* Downloads file from "www.adobe.com/favicon.ico".

Process/window/string information:

* Gets user name information.
* Gets computer name.
* Checks for debuggers.
* Uses a pipe for inter-process communication.
* Creates process "null, "C:\Users\Cognus\AppData\Local\Temp\nsf1CD7.tmp\ns1D26.tmp" WMIC csproduct Get UUID /FORMAT:textvaluelist.xsl, null".
* Injects code into process "C:\Sandbox\Cognus\DefaultBox\user\current\AppData\Local\Temp\nsf1CD7.tmp\ns1D26.tmp".
* Creates process "null, WMIC csproduct Get UUID /FORMAT:textvaluelist.xsl, null".
* Injects code into process "C:\Windows\System32\wbem\WMIC.exe".
* Enables privilege SeIncreaseQuotaPrivilege.
* Enables privilege SeSecurityPrivilege.
* Enables privilege SeTakeOwnershipPrivilege.
* Enables privilege SeSystemProfilePrivilege.
* Enables privilege SeProfileSingleProcessPrivilege.
* Creates process "null, "C:\Users\Cognus\AppData\Local\Temp\nsf1CD7.tmp\ns374B.tmp" WMIC bios Get SerialNumber /FORMAT:textvaluelist.xsl, null".
* Injects code into process "C:\Sandbox\Cognus\DefaultBox\user\current\AppData\Local\Temp\nsf1CD7.tmp\ns374B.tmp".
* Creates process "null, WMIC bios Get SerialNumber /FORMAT:textvaluelist.xsl, null".

Additional Information:

How To Remove setup.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where setup.exe is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
