Trojan.Agent
Risk Level 1
 
File Size : 451584 KB
File Type : Portable Executable 32
File Name

virussign.com_b0d18917610f34019fe020d7a86e0e70.vir

MD5

b0d18917610f34019fe020d7a86e0e70

SHA1

062277fa10b4d863337747cfa9ba7157bb235182

SHA256

b2af34b7eaebff598bccad51e8d1df111dbbc22de8d96e4284

General information:

* File name: C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder\b0d18917610f34019fe020d7a86e0e70.exe

Changes to registry:

* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "TWAscIMM.exe=C:\ProgramData\msAkUwYY\TWAscIMM.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\run
binary data=43003A005C00500072006F006700720061006D0044006100740061005C006D00730041006B0055007700590059005C005400570041007300630049004D004D002E006500780065000000
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Modifies value "Hidden=00000002" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value "Hidden=00000001"
* Modifies value "HideFileExt=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
old value empty
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{c9d04f3b-1c7e-11e6-979c-806e6f6e6963}
old value empty
* Creates value "pqMEIYoA.exe=C:\Users\cognus\XCUwQIww\pqMEIYoA.exe" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\run
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C00580043005500770051004900770077005C00700071004D004500490059006F0041002E006500780065000000
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Modifies value "3=C:\Users\cognus\Desktop\AutorunRemover.zip" in key HKEY_CURRENT_USER\software\WinRAR\ArcHistory
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004100750074006F00720075006E00520065006D006F007600650072002E007A00690070000000
old value "3=C:\Users\cognus\Desktop\mal(1).zip"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C006D0061006C002800310029002E007A00690070000000
* Modifies value "2=C:\Users\cognus\Desktop\Analyzed Viruses.zip" in key HKEY_CURRENT_USER\software\WinRAR\ArcHistory
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C0041006E0061006C0079007A0065006400200056006900720075007300650073002E007A00690070000000
old value "2=C:\Users\cognus\Desktop\AutorunRemover.zip"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004100750074006F00720075006E00520065006D006F007600650072002E007A00690070000000
* Modifies value "1=C:\Users\cognus\Desktop\NoAutorun-win32-bin-1.1.2.25.zip" in key HKEY_CURRENT_USER\software\WinRAR\ArcHistory
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004E006F004100750074006F00720075006E002D00770069006E00330032002D00620069006E002D0031002E0031002E0032002E00320035002E007A00690070000000
old value "1=C:\Users\cognus\Desktop\Analyzed Viruses.zip"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C0041006E0061006C0079007A0065006400200056006900720075007300650073002E007A00690070000000
* Modifies value "0=C:\Users\cognus\AppData\Local\Temp\123.rar" in key HKEY_CURRENT_USER\software\WinRAR\ArcHistory
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C003100320033002E007200610072000000
old value "0=C:\Users\cognus\Desktop\NoAutorun-win32-bin-1.1.2.25.zip"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004E006F004100750074006F00720075006E002D00770069006E00330032002D00620069006E002D0031002E0031002E0032002E00320035002E007A00690070000000
* Creates value "2=c:\BSA" in key HKEY_CURRENT_USER\software\WinRAR\DialogEditHistory\ExtrPath
binary data=63003A005C004200530041000000
* Modifies value "1=C:\Users\cognus\Desktop\Autorun_Viruses" in key HKEY_CURRENT_USER\software\WinRAR\DialogEditHistory\ExtrPath
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004100750074006F00720075006E005F0056006900720075007300650073000000
old value "1=c:\BSA"
binary data=63003A005C004200530041000000
* Modifies value "0=C:\Users\cognus\AppData\Local\Temp\123" in key HKEY_CURRENT_USER\software\WinRAR\DialogEditHistory\ExtrPath
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070005C003100320033000000
old value "0=C:\Users\cognus\Desktop\Autorun_Viruses"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070005C004100750074006F00720075006E005F0056006900720075007300650073000000
* Modifies value "LastFolder=C:\Users\cognus\AppData\Local\Temp" in key HKEY_CURRENT_USER\software\WinRAR\General
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C0041007000700044006100740061005C004C006F00630061006C005C00540065006D0070000000
old value "LastFolder=C:\Users\cognus\Desktop"
binary data=43003A005C00550073006500720073005C0063006F0067006E00750073005C004400650073006B0074006F0070000000
* Modifies value "Band56_0=38000000730100000402000000000000F0F0F00000000000000000000000000046062300000000003B000000B40200000000000001000000" in key HKEY_CURRENT_USER\software\WinRAR\General\Toolbar\Layout
old value "Band56_0=38000000730100000402000000000000F0F0F000000000000000000000000000A4010100000000003B000000B40200000000000001000000"
* Modifies value "Band56_1=38000000730100000500000000000000F0F0F000000000000000000000000000DC0142000000000018000000280000000000000002000000" in key HKEY_CURRENT_USER\software\WinRAR\General\Toolbar\Layout
old value "Band56_1=38000000730100000500000000000000F0F0F000000000000000000000000000A60101000000000018000000280000000000000002000000"
* Modifies value "Band56_2=38000000730100000400000000000000F0F0F0000000000000000000000000007E076C000000000018000000640000000000000003000000" in key HKEY_CURRENT_USER\software\WinRAR\General\Toolbar\Layout
old value "Band56_2=38000000730100000400000000000000F0F0F000000000000000000000000000900102000000000018000000640000000000000003000000"
* Empties value "ShellExtBMP" in key HKEY_CURRENT_USER\software\WinRAR\Interface\Themes
old value "ShellExtBMP=0000"
* Empties value "ShellExtIcon" in key HKEY_CURRENT_USER\software\WinRAR\Interface\Themes
old value "ShellExtIcon=0000"
* Creates value "WORDPAD.EXE,-300=Office Open XML Document" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\16\52C64B7E\@C:\Program Files\Windows NT\Accessories
binary data=4F006600660069006300650020004F00700065006E00200058004D004C00200044006F00630075006D0065006E0074000000
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "WinRAR.exe=WinRAR archiver" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\WinRAR
binary data=570069006E005200410052002000610072006300680069007600650072000000

Changes to filesystem:

* Modifies file C:\BSA\LANG\Translator.exe
* Creates file C:\BSA\MAEC\library.zip.exe
* Modifies file C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
* Creates file C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
* Creates file C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
* Creates hidden folder C:\ProgramData\msAkUwYY
* Creates file (hidden) C:\ProgramData\msAkUwYY\TWAscIMM
* Creates file (hidden) C:\ProgramData\msAkUwYY\TWAscIMM.exe
* Creates file (hidden) C:\ProgramData\msAkUwYY\TWAscIMM.inf
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\flapper.gif.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\images\icon_128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\imgs\icon-128x128.png.exe
* Creates file C:\Users\cognus\AppData\Local\Temp\123\HotKeys.txt
* Creates file C:\Users\cognus\AppData\Local\Temp\123\question.jpg
* Creates file C:\Users\cognus\AppData\Local\Temp\123\question.pdf
* Creates file C:\Users\cognus\AppData\Local\Temp\123\Questions.docx
* Creates file C:\Users\cognus\AppData\Local\Temp\123\targets.xls
* Creates file C:\Users\cognus\AppData\Local\Temp\123\targets.xlsx
* Creates file C:\Users\cognus\AppData\Local\Temp\123\Test.doc
* Creates file C:\Users\cognus\AppData\Local\Temp\123.rar
* Changes file attributes C:\Users\cognus\AppData\Local\Temp\Rar$LS0.061
* Creates file C:\Users\cognus\AppData\Roaming\Notepad++\plugins\config\PluginManagerPlugins.zip.exe
* Creates file C:\Users\cognus\Desktop\826b71b3b795597d35cd7c73511788cc.zip.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\Analysis\Worm.VB.NZQ\Sample\a35363827c0db2d4b8bfb6fcdcbbb770.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\AutorunRemover\Setup.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\Autorun_Viruses\1\1 (1).exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\Autorun_Viruses\2\1 (4).exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\Autorun_Viruses\4\1 (16).exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\Autorun_Viruses\5\1 (25).exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\BSA\LANG\Translator.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\cleanautorun.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\CR_A377E.tmp\setup.exe
* Modifies file C:\Users\cognus\Desktop\Analysis\Worm.VB.NZQ\Dropped Files\IDA_v6.1.rar
* Creates hidden folder C:\Users\cognus\XCUwQIww
* Creates file (hidden) C:\Users\cognus\XCUwQIww\pqMEIYoA
* Creates file (hidden) C:\Users\cognus\XCUwQIww\pqMEIYoA.exe
* Creates file (hidden) C:\Users\cognus\XCUwQIww\pqMEIYoA.inf
* Creates file C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Large.jpg.exe
* Creates file C:\Users\Public\Music\Sample Music\AlbumArt_{5FA05D35-A682-4AF6-96F7-0773E42D4D16}_Small.jpg.exe
* Creates file C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
* Creates file C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.exe
* Creates file C:\Users\Public\Music\Sample Music\Sleep Away.mp3.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.exe
* Creates file C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.exe
* Creates Alternate Data Stream \\?\C:\USERS\COGNUS\APPDATA\LOCAL\TEMP\123\HOTKEYS.TXT

Network services:

* Queries DNS "google.com".
* Queries DNS "dns.msftncsi.com".
* C:\Sandbox\cognus\DefaultBox\user\current\XCUwQIww\pqMEIYoA.exe Connects to "216.58.199.142" on port 80 (TCP - HTTP).
* Downloads file from "kbfvzoboss.bid /alpha/gate.php".
* Downloads file from "176.114.3.173 /userinfo.php".
* Downloads file from "107.170.20.33 /userinfo.php".
* Downloads file from "146.185.155.126 /userinfo.php".
* Downloads file from "ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D".
* Downloads file from "ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D".
* Downloads file from "ocsp.godaddy.com//MEkwRzBFMEMwQTAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCAOAWJVWSu%2FF".
* Downloads file from "139.59.166.196 /userinfo.php".
* Downloads file from "crl.microsoft.com/pki/crl/products/microsoftrootcert.crl".
* Downloads file from "crl.microsoft.com/pki/crl/products/WinPCA.crl".
* Downloads file from "google.com/".
* Uses POST methods in HTTP.

Process/window/string information:

* Gets user name information.
* Gets input locale identifiers.
* Gets volume information.
* Checks for debuggers.
* Enumerates running processes.
* Creates process "C:\Users\cognus\XCUwQIww\pqMEIYoA.exe, null, null".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\current\XCUwQIww\pqMEIYoA.exe".
* Creates process "C:\ProgramData\msAkUwYY\TWAscIMM.exe, null, null".
* Injects code into process "C:\Sandbox\cognus\DefaultBox\user\all\msAkUwYY\TWAscIMM.exe".
* Creates process "C:\Users\cognus\AppData\Local\Temp\xWIMEkww.bat, C:\Users\cognus\AppData\Local\Temp\123.rar Viruses\1 June 2016\New folder\b0d18917610f34019fe020d7a86e0e70.exe" , C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder".
* Injects code into process "C:\Windows\System32\cmd.exe".
* Creates process "null, reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1, null".
* Injects code into process "C:\Windows\System32\reg.exe".
* Creates process "null, reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2, null".
* Creates process "null, reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f, null".
* Creates process "C:\Users\cognus\AppData\Local\Temp\123.rar, C:\Users\cognus\AppData\Local\Temp\123.rar Viruses\1 June 2016\New folder\b0d18917610f34019fe020d7a86e0e70.exe" , C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder".
* Creates a mutex "Local\HGFSMUTEX".
* Creates process "C:\Program Files\WinRAR\WinRAR.exe, "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\cognus\AppData\Local\Temp\123.rar", C:\Users\cognus\Desktop\Analyzed Viruses\1 June 2016\New folder".
* Injects code into process "C:\Program Files\WinRAR\WinRAR.exe".
* Creates a mutex "WinRAR_Busy".
* Opens a service named "Csc".
* Opens a service named "CscService".
* Sleeps 3035 seconds.

Additional Information:

How To Remove virussign.com_b0d18917610f34019fe020d7a86e0e70.vir

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where virussign.com_b0d18917610f34019fe020d7a86e0e70.vir is located.
4. Once the scan is finished, you’ll get the message “scan is complete”. Click the OK button to get the results.
5. Then delete the threat from the table.
