Trojan.Agent
Risk Level 1
 
File Size : 24576 KB
File Type : Portable Executable 32
File Name : virussign.com_9d1a5b289cb7037dfcd8081e476082f0.vir
MD5 : 9d1a5b289cb7037dfcd8081e476082f0
SHA1 : 502e616289cc32db2cbf36f33193a3c839aade8f
SHA256 : 033ff1484f3d8b388486ca4e76e79388b0d9bc956ea82a4296

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\7 June 2016\New folder\Sample\9d1a5b289cb7037dfcd8081e476082f0.exe

Changes to registry:

* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASAPI32
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASAPI32
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASAPI32
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASAPI32
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASMANCS
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASMANCS
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASMANCS
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\9d1a5b289cb7037dfcd8081e476082f0_RASMANCS
binary data=2500770069006E0064006900720025005C00740072006100630069006E0067000000
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\POSIX
* Creates value "Traybar=C:\Windows\lsass.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
binary data=43003A005C00570069006E0064006F00770073005C006C0073006100730073002E006500780065000000
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
old value empty
* Modifies value "SavedLegacySettings" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
* Creates Registry key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\POSIX
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000

Changes to filesystem:

* Creates file C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ICQ 4 Lite.com
* Creates file C:\Documents and Settings\All Users\Microsoft\Network\Downloader\Harry Potter.exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Dropped Files\Kazaa Lite.ShareReactor.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Dropped Files\No Files Dropped\WinRAR.v.3.2.and.key.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Reports\Kazaa Lite.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Sample\index.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents\Downloads\Winamp 5.0 (en).com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\index.exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\index.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Temp\Winamp 5.0 (en).exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Microsoft\Winamp 5.0 (en).exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Winamp 5.0 (en) Crack.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\index.ShareReactor.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Microsoft\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\WinRAR.v.3.2.and.key.exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\index.com
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Harry Potter.exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Reports\Winamp 5.0 (en) Crack.exe
* Creates file C:\Documents and Settings\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Sample\ICQ 4 Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\DAO\index.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\1.0\index.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\1.7\index.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\bg-BG\Winamp 5.0 (en).com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\da-DK\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\de-DE\Kazaa Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\el-GR\WinRAR.v.3.2.and.key.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\en-US\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\es-ES\Kazaa Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\et-EE\ICQ 4 Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fi-FI\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fr-FR\Kazaa Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\ICQ 4 Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\Harry Potter.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\Winamp 5.0 (en) Crack.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\numbers\Winamp 5.0 (en).com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\WinRAR.v.3.2.and.key.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\index.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\index.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ICQ 4 Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\web\Winamp 5.0 (en).exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\he-IL\ICQ 4 Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\hr-HR\WinRAR.v.3.2.and.key.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\hu-HU\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\Kazaa Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\it-IT\ICQ 4 Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\ja-JP\WinRAR.v.3.2.and.key.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\ko-KR\Kazaa Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\lt-LT\Kazaa Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\lv-LV\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\nb-NO\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\nl-NL\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\pl-PL\ICQ 4 Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\pt-BR\index.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\pt-PT\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\ro-RO\Winamp 5.0 (en).exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\ru-RU\Harry Potter.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\sk-SK\Winamp 5.0 (en).com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\sl-SI\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-CS\Harry Potter.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\sv-SE\Kazaa Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\th-TH\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\tr-TR\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\uk-UA\Winamp 5.0 (en).exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\Common Files\microsoft shared\ink\zh-CN\Kazaa Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\ink\zh-TW\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\Common Files\microsoft shared\MSInfo\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\Stationery\ICQ 4 Lite.exe
* Creates file C:\Program Files\Common Files\microsoft shared\TextConv\en-US\Winamp 5.0 (en).com
* Creates file C:\Program Files\Common Files\microsoft shared\TextConv\Kazaa Lite.com
* Creates file C:\Program Files\Common Files\microsoft shared\Triedit\en-US\Kazaa Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\Triedit\Harry Potter.com
* Creates file C:\Program Files\Common Files\microsoft shared\VC\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\VGX\Kazaa Lite.ShareReactor.com
* Creates file C:\Program Files\Common Files\microsoft shared\Winamp 5.0 (en) Crack.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Harry Potter.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Full\index.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\Winamp 5.0 (en) Crack.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\Winamp 5.0 (en).com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Harry Potter.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Harry Potter.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Winamp 5.0 (en) Crack.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Push\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\Kazaa Lite.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Winamp 5.0 (en) Crack.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\Harry Potter.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Winamp 5.0 (en) Crack.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\Harry Potter.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\ICQ 4 Lite.exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Winamp 5.0 (en).exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\Winamp 5.0 (en).exe
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\ICQ 4 Lite.com
* Creates file C:\Program Files\DVD Maker\Shared\DvdStyles\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Program Files\DVD Maker\Shared\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\Google\Update\Download\Harry Potter.ShareReactor.com
* Creates file C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\WinRAR.v.3.2.and.key.com
* Creates file C:\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\Harry Potter.com
* Creates file C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.79\index.ShareReactor.com
* Creates file C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\WinRAR.v.3.2.and.key.com
* Creates file C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Program Files\Windows Media Player\Network Sharing\WinRAR.v.3.2.and.key.exe
* Creates file C:\Program Files\Windows Sidebar\Shared Gadgets\Harry Potter.ShareReactor.com
* Creates file C:\Users\Default\Downloads\index.com
* Creates file C:\Users\Default\Downloads\Kazaa Lite.com
* Creates file C:\Windows\lsass.exe
* Creates file C:\ProgramData\Microsoft\Network\Downloader\Harry Potter.com
* Creates file C:\ProgramData\Microsoft\Network\Downloader\ICQ 4 Lite.exe
* Creates file C:\ProgramData\Microsoft\Network\Downloader\index.com
* Creates file C:\ProgramData\Microsoft\Network\Downloader\index.exe
* Creates file C:\ProgramData\Microsoft\Network\Downloader\index.ShareReactor.com
* Creates file C:\ProgramData\Microsoft\Network\Downloader\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\ProgramData\Microsoft\Network\Downloader\Winamp 5.0 (en).exe
* Creates file C:\ProgramData\Microsoft\Network\Downloader\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\ProgramData\Microsoft\Network\Downloader\WinRAR.v.3.2.and.key.exe
* Creates file C:\ProgramData\Microsoft\Network\Downloader\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\Kazaa Lite.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\icicibank.com\Harry Potter.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\icicibank.com\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\icicibank.com\index.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\ICQ 4 Lite.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\infinity.icicibank.com\#ArcotWallets\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\infinity.icicibank.com\Kazaa Lite.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\infinity.icicibank.com\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\infinity.icicibank.com\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\Kazaa Lite.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\Kazaa Lite.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\macromedia.com\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\macromedia.com\index.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\macromedia.com\support\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\macromedia.com\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\player.vzaar.com\ICQ 4 Lite.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\player.vzaar.com\index.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\player.vzaar.com\player\Harry Potter.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\player.vzaar.com\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\##77923906CF86DAAD\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\##B915E329B19FEBB5\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\index.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\player\index.ShareReactor.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\vidtech.cbsinteractive.com\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P7B9D5JT\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\WinRAR.v.3.2.and.key.exe
* Creates file C:\Users\cognus\AppData\Local\Temp\uzewdaxug.txt
* Creates file C:\Users\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Dropped Files\index.exe
* Creates file C:\Users\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Dropped Files\No Files Dropped\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Reports\index.com
* Creates file C:\Users\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Sample\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analysis\Trojan.Downloader.MSIL\Winamp 5.0 (en).exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents\Downloads\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents and Settings\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Dropped Files\index.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents and Settings\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Sample\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents and Settings\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents and Settings\cognus\Documents\Downloads\ICQ 4 Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\Trojan.VirLock\Dropped Files\Documents and Settings\cognus\My Documents\Downloads\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\3 June 2016\Virus.Win32.PolyRansom\Dropped Files\Documents and Settings\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Dropped Files\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\3 June 2016\Virus.Win32.PolyRansom\Dropped Files\Documents and Settings\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\3 June 2016\Virus.Win32.PolyRansom\Dropped Files\Documents and Settings\cognus\Documents\Downloads\Harry Potter.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\3 June 2016\Virus.Win32.PolyRansom\Dropped Files\Documents and Settings\cognus\My Documents\Downloads\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Dropped Files\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Dropped Files\YDQ8VZVV\Kazaa Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Reports\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Sample\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\31 May 2016\Trojan.Downloader.Uptare\Winamp 5.0 (en).com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\current\Desktop\Analysis\Trojan.Downloader.MSIL\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\current\Desktop\Analysis\Trojan.Downloader.MSIL\Reports\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\Program Files\Common Files\microsoft shared\Stationery\Kazaa Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\Program Files\Common Files\microsoft shared\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\Program Files\Windows Media Player\Network Sharing\WinRAR.v.3.2.and.key.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.16385_none_10bfc8e81625ecbd\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\4 June 2016\Ransom.CTBLocker\Dropped File\Windows\winsxs\x86_netfx35linq-csharp_31bf3856ad364e35_6.1.7600.16385_none_1702052d757d6e3d\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Internet Explorer\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\History\History.IE5\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\History\Winamp 5.0 (en).com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Winamp 5.0 (en).exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YYDMVD30\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\Temporary Internet Files\WinRAR.v.3.2.and.key.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Microsoft\Windows\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Temp\DLG\exe\618609b78ddc2f9ad06b5b204799c1fc\Harry Potter.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Temp\DLG\exe\Kazaa Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Temp\DLG\Harry Potter.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\Temp\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Local\WinRAR.v.3.2.and.key.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\index.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Microsoft\CryptnetUrlCache\Content\ICQ 4 Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Microsoft\CryptnetUrlCache\ICQ 4 Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ICQ 4 Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\LocalLow\Microsoft\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Microsoft\Winamp 5.0 (en).com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Microsoft\Windows\Cookies\ICQ 4 Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Microsoft\Windows\IETldCache\Kazaa Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Roaming\Microsoft\Windows\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\WinRAR.v.3.2.and.key.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Dropped Files\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Kazaa Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Reports\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Sample\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\PUP.Optional.DownloadGuide\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\all\Microsoft\Network\Downloader\Kazaa Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\WinRAR.v.3.2.and.key.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\index.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Winamp 5.0 (en).com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Full\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\WinRAR.v.3.2.and.key.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Memories\WinRAR.v.3.2.and.key.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Harry Potter.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Performance\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Pets\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Push\index.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Shatter\Kazaa Lite.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Harry Potter.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Sports\ICQ 4 Lite.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Winamp 5.0 (en) Crack.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Travel\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\Vignette\Harry Potter.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\DvdStyles\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\DVD Maker\Shared\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.30.3\WinRAR.v.3.2.and.key.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\51.0.2704.79\Kazaa Lite.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\Winamp 5.0 (en).ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\index.exe
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Program Files\Windows Sidebar\Shared Gadgets\Winamp 5.0 (en) Crack.ShareReactor.com
* Creates file C:\Users\cognus\Desktop\Analyzed Viruses\6 June 2016\Worm.Win32.Fujack\Dropped Files\Users\All Users\Microsoft\Network\Downloader\Winamp 5.0 (en).exe
* Creates file C:\Users\cognus\Documents\Downloads\ICQ 4 Lite.exe
* Creates file C:\Users\cognus\Documents\Downloads\Winamp 5.0 (en) Crack.com
* Creates file C:\Users\Public\Downloads\ICQ 4 Lite.com

Network services:

* Backdoor functionality on port 1042.

Process/window/string information:

* Gets user name information.
* Opens a service named "Sens".
* Opens a service named "rasman".
* Sleeps 1692 seconds.

Additional Information:

How To Remove virussign.com_9d1a5b289cb7037dfcd8081e476082f0.vir

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where virussign.com_9d1a5b289cb7037dfcd8081e476082f0.vir is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
