Trojan.Agent
Risk Level 1
 
File Size : 1496064 KB
File Type : Portable Executable 32
File Name : tmp1415.exe
MD5 : ae797446710e375f0fc9a33432d64256
SHA1 : 29175a0015909186f69f827630ef3fe2c1c5302c
SHA256 : 734d9639fcfffef1a3c360269ccc1cda4f1d0e9dc857fa438f

General information:

* File name: C:\Users\cognus\Desktop\Analysis\Trojan.Genric\Sample\ae797446710e375f0fc9a33432d64256.exe

Changes to registry :

* Creates value "WinrarUpdate=C:\Users\cognus\AppData\Roaming\WinRAR\WinrarContainer.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C00570069006E005200410052005C00570069006E0072006100720043006F006E007400610069006E00650072002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "LangID=0904" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "reg.exe=Registry Console Tool" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Windows\System32
binary data=52006500670069007300740072007900200043006F006E0073006F006C006500200054006F006F006C000000
* Creates value "WinrarContainer.exe=Explorer" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\cognus\DefaultBox\user\current\AppData\Roaming\WinRAR
binary data=4500780070006C006F007200650072000000

Changes to filesystem:

* Creates file C:\Users\cognus\AppData\Local\Temp\tmp4A5A.reg
* Creates file (empty) C:\Users\cognus\AppData\Local\Temp\tmp4A5A.tmp
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\Command.txt
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\FLS
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\LitJson.dll
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\msvcp120.dll
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\msvcr120.dll
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\sqlite3.dll
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\SU.dll
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\WinrarContainer.exe
* Creates file C:\Users\cognus\AppData\Roaming\WinRAR\WinrarContainer.exe.config

Network services:

* Queries DNS "www.virustotal.com".
* Queries DNS "ssl.google-analytics.com".
* Queries DNS "stats.g.doubleclick.net".
* Queries DNS "chart.googleapis.com".
* Queries DNS "wpad.localdomain".
* Queries DNS "dns.msftncsi.com".
* Queries DNS "teredo.ipv6.microsoft.com".
* Queries DNS "virustotalcloud.appspot.com".
* Queries DNS "clients4.google.com".
* Queries DNS "safebrowsing.google.com".
* Queries DNS "safebrowsing-cache.google.com".
* Queries DNS "nvidia-support.com".
* C:\Windows\System32\rundll32.exe Connects to "5.39.221.5" on port 80 (TCP - HTTP).
* Downloads file from "go.microsoft.com/fwlink/?LinkId=57426&Ext=pe".
* Downloads file from "shell.windows.com/fileassoc/fileassoc.asp?Ext=pe".
* Downloads file from "shell.windows.com/0409/fileassoc.css".
* Downloads file from "shell.windows.com/Win_FileAssoc_Header.jpg".
* Downloads file from "shell.windows.com/HeaderSlice.jpg".
* Downloads file from "shell.windows.com/favicon.ico".
* Downloads file from "yahoo.com/setting.doc".
* Downloads file from "www.yahoo.com/setting.doc".
* Downloads file from "exonapps.nl/v2/listener.php?pcnaam=WIN-KGL9TO64INN&uni=8e717043b93c5fb6b76d9c2d1695414c&winos=Windows%207&cpu=Intel(R)%20Core(TM)%20i3-4170T%20CPU%20@%203.20GHz&gpu=VMware%20SVGA%203D".
* Downloads file from "nvidia-support.com/Command.txt".
* Downloads file from "nvidia-support.com /D5A66309-D00C-45A8-9827-9A8793D335C1.php".
* Uses POST methods in HTTP.

Process/window/string information:

* Gets computer name.
* Checks for debuggers.
* Installs a hook procedure that monitors keystroke messages.
* Creates an event named "Global\CorDBIPCSetupSyncEvent_15740".
* Enables privilege SeDebugPrivilege.
* Creates process "null, "reg.exe" import C:\Users\cognus\AppData\Local\Temp\tmp4A5A.reg, C:\Users\cognus\Desktop\Analysis\Trojan.Genric\Sample".
* Injects code into process "C:\Windows\System32\reg.exe".
* Creates process "C:\Users\cognus\AppData\Roaming\WinRAR\WinrarContainer.exe, "C:\Users\cognus\AppData\Roaming\WinRAR\WinrarContainer.exe" , C:\Users\cognus\Desktop\Analysis\Trojan.Genric\Sample".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\AppData\Roaming\WinRAR\WinrarContainer.exe".
* Creates an event named "Global\CorDBIPCSetupSyncEvent_15480".
* Creates process "C:\Windows\System32\rundll32.exe, "C:\Windows\System32\rundll32.exe" C:\Users\cognus\AppData\Roaming\WinRAR\SU.dll,_FuckIt_, C:\Users\cognus\Desktop\Analysis\Trojan.Genric\Sample".
* Injects code into process "C:\Windows\System32\rundll32.exe".
* Creates an event named "Global\CorDBIPCSetupSyncEvent_14812".
* Creates a mutex "Global\.net clr networking".
* Creates a mutex "Local\!IETld!Mutex".
* Enables process privileges.
* Contains string Detected Anti-Malware Analyzer routine: Norman Sandbox detection ("CurrentUser")
* Contains string Checked for registry software presence ("REG.EXE")
* Sleeps 205094 seconds.

Additional Information:

How To Remove tmp1415.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or of the folder where tmp1415.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
