Virus.Virut

By CagedTech in Viruses

Threat Scorecard

Popularity Rank:	3,222
Threat Level:	80 % (High)
Infected Computers:	11,227

First Seen:	March 21, 2013
Last Seen:	February 6, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

10 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Panda	Trj/CI.A
Fortinet	Riskware/Generic
Ikarus	Virus.Win32.Virut
GData	MSIL:Dropper-NB
Microsoft	Virus:Win32/Virut
AntiVir	TR/Drop.217088
Kaspersky	HEUR:Trojan.Win32.Generic
Avast	MSIL:Dropper-NB [Drp]
Symantec	WS.Reputation.1
McAfee	Artemis!2398F6F4C7FB

SpyHunter Detects & Remove Virus.Virut

File System Details

Virus.Virut may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	mspaint.exe	071b790d9c22f0b4dea3d4cdc47920e5	7
Name: mspaint.exe MD5: 071b790d9c22f0b4dea3d4cdc47920e5 Size: 373.76 KB (373760 bytes) Detections: 7 Type: Executable File Path: %WINDIR%\system32\mspaint.exe Group: Malware file Last Updated: June 26, 2020
2.	rundll32 .exe	2398f6f4c7fb2d6f6224f8c7b678be5c	5
Name: rundll32 .exe MD5: 2398f6f4c7fb2d6f6224f8c7b678be5c Size: 217.08 KB (217088 bytes) Detections: 5 Type: Executable File Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup Group: Malware file Last Updated: March 21, 2013
3.	mmc.exe	32a00814fb3b7ed6f943595420072aa5	5
Name: mmc.exe MD5: 32a00814fb3b7ed6f943595420072aa5 Size: 1.44 MB (1442816 bytes) Detections: 5 Type: Executable File Path: %WINDIR%\system32\mmc.exe Group: Malware file Last Updated: June 26, 2020
4.	ie4uinit.exe	a37a1917e338efafe8b8bb246b4e8c78	3
Name: ie4uinit.exe MD5: a37a1917e338efafe8b8bb246b4e8c78 Size: 745.98 KB (745984 bytes) Detections: 3 Type: Executable File Path: %WINDIR%\System32 Group: Malware file Last Updated: March 7, 2017
5.	cmd.exe	0658414f82b435aace3b014ddee75469	1
Name: cmd.exe MD5: 0658414f82b435aace3b014ddee75469 Size: 323.07 KB (323072 bytes) Detections: 1 Type: Executable File Path: %WINDIR%\SysWOW64 Group: Malware file Last Updated: August 17, 2016
6.	Fuel.Service.exe	1d74f2aa609169bdad764faab74e5ecd	1
Name: Fuel.Service.exe MD5: 1d74f2aa609169bdad764faab74e5ecd Size: 364.54 KB (364544 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\AMD\ATI.ACE\Fuel Group: Malware file Last Updated: August 18, 2017
7.	wmpnetwk.exe	89c8e1174e598acd964f0ee54105751b	1
Name: wmpnetwk.exe MD5: 89c8e1174e598acd964f0ee54105751b Size: 1.54 MB (1545728 bytes) Detections: 1 Type: Executable File Path: %PROGRAMFILES%\Windows Media Player Group: Malware file Last Updated: August 18, 2017
8.	File.exe	48013fdcf7a83efd9c467d172556162b	0
Name: File.exe MD5: 48013fdcf7a83efd9c467d172556162b Size: 33.79 KB (33792 bytes) Detections: 0 Type: Executable File Group: Malware file Last Updated: February 24, 2017

More files

Registry Details

Virus.Virut may create the following registry entry or registry entries:

Regexp file mask

%PROGRAMFILES%\Microsoft\watermark.exe

%PROGRAMFILES(x86)%\Microsoft\watermark.exe

Analysis Report

General information

Family Name:	Virus.Virut
Signature status:	No Signature

Known Samples

MD5: 35d64bacfa91d35080b73e4690283660

SHA1: 06c2d8685ad970f234e800be395b0b9b31710c70

File Size: 1.81 MB, 1807360 bytes

MD5: 2cb38a16df39aaf240045d4e26363865

SHA1: d4b470cfb9e0f15e15eab3749e418bdb1c4aabc9

File Size: 17.79 KB, 17788 bytes

MD5: d2e3496f0712749ba29c78b7bf878dfe

SHA1: 096a6178c5c66bb2211219f2154b3a7bb467caee

File Size: 48.13 KB, 48128 bytes

MD5: af93c7a5e2dc5a2249b66e64c9e7535b

SHA1: 84b5fb6e21b989d5cb26a708a2de33394c1d1bab

File Size: 558.59 KB, 558592 bytes

MD5: 67ca408685e20a31011ad1b3a9f75b5e

SHA1: 0efe4e0de0882b0cfe5a4fd07ef133efed8f8323

File Size: 163.84 KB, 163840 bytes

MD5: 0ef54df43bd795393e6d99aa2df38d5f

SHA1: e2a34fea8eb81e37406a21283efaa1bc040e2427

SHA256: 51F14FB9EAF5892E4CF852ECC088BF9F956E298DC1E36D78F9F822B4DFD966EE

File Size: 597.50 KB, 597504 bytes

MD5: 442a276d65bf83e5254448b4e4144df5

SHA1: 4b68257d297ee66e250c28c6ed74b9beed3bfc59

SHA256: 4D52C60BA14B6F3097A269930AE3BE268B0DC7A0DB9B7216738B8F451BB3C6F7

File Size: 233.98 KB, 233984 bytes

MD5: c486aa4551033491a4ee1484dc00892b

SHA1: 873a58b8397755ba335f82c4c1b9ed773aea6a51

SHA256: 55EE6E26BBE1D0243C29BFAF8132D70EC5B976517545F92F9AB6F7428A28FF2C

File Size: 154.62 KB, 154624 bytes

MD5: 272a7566b6bbf1d6fdae13e4eff80037

SHA1: 032e55a065911242a4ffdc99dee350b99820f449

SHA256: 23C4A9BC6391C945EF9684D061874A631091DA863FD69B7372E484407247C4E1

File Size: 561.15 KB, 561152 bytes

MD5: 159a59fc62e4a6a7b13aaa55b022b353

SHA1: c2314411e0429f0c2979cb767163c3622036d924

SHA256: BF49728DC496003CA59D50AF357B406035299B9B223B573769E29A7775905067

File Size: 183.13 KB, 183134 bytes

MD5: ccc94f1d58e2702eac6dde089df9e401

SHA1: a2aaae3d7fcbaaa3a84e2ba1d19becc6a2036825

SHA256: CAD12B79FA800F3E2418F6D369C22E7EA5FA59635228AD1B8D41F28F64755E86

File Size: 109.57 KB, 109568 bytes

MD5: 7496af0996bf6c941905b63f8c264077

SHA1: 64cc45a3aa5e835de65e818bb5ab1d21937e2433

SHA256: D3AEFA5140C1FF0DA59E86FDAEC72AA61A1E7816E2D65179301F919C182D1AA5

File Size: 346.11 KB, 346112 bytes

MD5: 39ad146821b5c77230c7a87b5a614f23

SHA1: 893f1a3d9f6bc6ec5ad22e16ca056cdea7a75712

SHA256: 9056DC404800430E501F7414645DC6653B237110A87B65BA40700D618958BD46

File Size: 561.15 KB, 561152 bytes

MD5: be039a1815b5c22389609edf8db18dca

SHA1: cd449f985df747cc7af31201431fb92950402f23

SHA256: 3208AE85D14E14C50015D8A00A744885DD93891AA98D4243823B3FF7832E885C

File Size: 106.50 KB, 106496 bytes

MD5: 2edc870dba860df77f96e9182467e3fd

SHA1: 84e3484bebf3cea88b75aad91955f91e4babd8e2

SHA256: 6DC6047078CC5CFE9CE8F5CECECF7582515042E251F7A50901DC777D055FEF61

File Size: 6.70 MB, 6696960 bytes

MD5: 2b498481d57d2ca3ff2da9550d6f33ea

SHA1: dbe7b87d2ca0c2402a17ca11abe1fe5e052c0461

SHA256: ADE790B3145E95BE9A830EB0C96E63756799B38148DCB64366BF53C5431809D6

File Size: 1.03 MB, 1025192 bytes

MD5: 779682b26a10579823fbc4b9efbb2101

SHA1: 9b4be5d4d67547b50572516a193a36b43c09cd14

SHA256: BC7BC6AD672889A96D3C945302293A17403DF4F8458643AB599F924F207086A1

File Size: 400.94 KB, 400944 bytes

MD5: 1ae7946f4133829705b1a0d91161c0f1

SHA1: eeacafb7a73d7909e314c9bcefe9c974177565e1

SHA256: 85EA7FDB32FFC8D4A25530D832A2A7553686EEB91559841C4E54DF71B2A2B6F8

File Size: 188.87 KB, 188871 bytes

MD5: c7c7edd3dca67b61fccc227a5fbabc27

SHA1: 7a40ef2a180978ffa80e097e108d03bab0bd3117

SHA256: 4454190ED9C54EA4D0D221EDB901597816D6368674520F4801A0869E4C7A8FB0

File Size: 1.04 MB, 1038336 bytes

MD5: defd367e1b0037110d3ab3bbae3d4ece

SHA1: f19387ffd62032495f10f6f11a94401279195d48

SHA256: BF16C829B5D5ACE34A7FCF83AAA667003FB191B980D62E9B4564B109A3905C7F

File Size: 172.03 KB, 172032 bytes

MD5: 396cb1a5040a6596ed3c558b909902e6

SHA1: df55e422f65163b9eaf6ab3386a415377f70abf8

SHA256: 268073A785BF119CE5AA2E1B6288DDD6910329325E37FF074463BBF74C84CA64

File Size: 140.80 KB, 140800 bytes

MD5: c672638db09e8d495d68b178e344d937

SHA1: 829e6bea564e31f37c9b1e77406869437be279aa

SHA256: 74377502B7A339952796B20D0AAA36892A1B9AC4FD504DB6160B2F884C70027A

File Size: 122.88 KB, 122880 bytes

MD5: b5b892c624579ff9e7616e99c8910790

SHA1: b3a459e92623a79f445efca363ebb1771ab90422

SHA256: DBAC3421188074C989B4F71B2B94AE73937412306A1FC2A44491FAEC9EE41F36

File Size: 188.87 KB, 188871 bytes

MD5: 66b9240c6f12b90b2600a921b0e72b73

SHA1: db993b231f0b348538a23bd6ca6acd219eaa3bfe

SHA256: 1E71180F45B693C0040D68FAEA56FBDB8591B06FBF7C14FCD295296FD666DA0A

File Size: 86.53 KB, 86528 bytes

MD5: 1f0b5297624729ceef5c934c77572b5b

SHA1: a633a12d29892fbb2220c892c92b12a8d4c4eebe

SHA256: 3A6622C05AE5F78ACCFCC03C7392DB132209AEC3D64FE86D4FF9404E2DA8B636

File Size: 54.27 KB, 54272 bytes

MD5: d815a72ff4052f7675f37539f68cd0d2

SHA1: 584ae243465fe9b071ac1a7ac0bb306fa8db9edf

SHA256: 8A0BE1252263C827E2A3F7E75EDC0B204D67DFF78DB82A4D5326A0A901E27DEA

File Size: 5.66 MB, 5660672 bytes

MD5: 1a29474fb9874a6fdc4b725af7712bbd

SHA1: 9ba876f16540138f80add98edb4e46a8173984ee

SHA256: 956FA265702259338222C802FF9A9941D20FEC6B1789B9CC2222F0C524265798

File Size: 154.62 KB, 154624 bytes

MD5: 7dd1b49e63fab79862ee764053f44402

SHA1: 59d083a391b3b8543dba6d97d273cc94f20fa6ea

SHA256: FAC947B62486E88511B961FB12FD4B8BFE0006318AB3F69252E4CDE4B11F71A2

File Size: 74.75 KB, 74752 bytes

MD5: a3de8c6410d3a496a62a61a771b58e6c

SHA1: 9d4acfa2943825d7d57ef39b53fe247ac0eaff6b

SHA256: 11E38216FAC5010DCE4AE0780A7734032BC6D7AA0C9FAE7DDC7F83E7C264D630

File Size: 799.04 KB, 799036 bytes

MD5: ec65d69a41b9d27d1f5a96cf48ad27c5

SHA1: 487722009e861728eb4782979ae72c743fb583fc

SHA256: 428DCA195E8137E7AD3E451DE00FEAB5451468787B1F6BD7E4B1C40F1E568C1F

File Size: 170.79 KB, 170792 bytes

MD5: 92d2f555810284801b78eae745860674

SHA1: 6d1b342e15936b13e0c4f7ae667d7bcfc17591d3

SHA256: 120FDB39ABB301686E460FAFAC1A829012472DCC80C28A2AA85404EBFEADC864

File Size: 23.04 KB, 23040 bytes

MD5: 754101a819c3edb9180ce458ff7c388a

SHA1: b42fbb8a69104530f13ef6ee0d0b5406a32ee5bd

SHA256: 665A7D8BAB05835D7ECC43CC775AC7CF3B268514DD6F98B1F879AB0E8E5EBF72

File Size: 1.76 MB, 1762304 bytes

MD5: ebdb22873b88f67a56a82409de82d95c

SHA1: 1dccdc95878b8f614d5920fb29fb7276c1c187e9

SHA256: 6D3072B5094A4FF574F9805127FEC1B35767538228542D1F570FC007EF66BE15

File Size: 11.26 KB, 11264 bytes

MD5: 0d90031fbcb7f52559f1bd48162ed3a8

SHA1: ecfddcfef0c66d14527b98d9b5917937af913a25

SHA256: E58109024E0DC3017C934295A990F5293F2BBCDA56EFB5F46D8670034E8F5868

File Size: 84.99 KB, 84992 bytes

MD5: 7de47ee9f7385a8c949d2d86ad6a0180

SHA1: cdc41edc61f1bf7279533f9d65d95983597168ab

SHA256: F617D011846A1EA4C5A685916A374EE156D2AF893AACA3782E2536574E9F55FD

File Size: 190.46 KB, 190464 bytes

MD5: c760415da74f99770507473e85029e95

SHA1: 0459add54f7233a77c4bfb3fb71dcecad671e5a8

SHA256: 18E134AC9DCE7AE188AFDFB9BBF5B027E11940F5E8D30891F2F1F2D747184370

File Size: 3.96 MB, 3958784 bytes

MD5: e397cfe8de5dc026581ecee4d91dd1d4

SHA1: 5ed0a733513dade7e04ffd44be9c207264bd6581

SHA256: EFEFBA2A7025C82F3C9DECDBBCC622E566AE66A76EF4E87086558A28F65B7FF3

File Size: 156.16 KB, 156160 bytes

MD5: 0ba4b0cd37768d5377b4474d4bfa7c1c

SHA1: 3f0e32e667afda4150c8c8ad9428b17dae6a8c10

SHA256: D0FF8CB23895A1613328EC176BDAC5488BBA2B26A8159A47A4147DF569496115

File Size: 4.87 MB, 4874240 bytes

MD5: 6dc0d43a63281d421b2ca5fcf6a61568

SHA1: a494984eba84f665914d298003719e5363ff7d99

SHA256: 0420625A7656BAE0501C270FC0BE940224D9F329DE3E80290D05011FB6D1A120

File Size: 68.61 KB, 68608 bytes

MD5: ee14ae010e6997205f57d624f54fa231

SHA1: e441c57b62706b314e11ded0558daadcb2c8e9ab

SHA256: 1F069D0CB5D57C1968FE092AB42117CB63A7AC0E4B96171D04E512C53AE0EC21

File Size: 1.01 MB, 1008190 bytes

MD5: 51b8c989bea52e72d063481c71a67dcd

SHA1: 1c69d7b112a323d8fb68133ee6cfb6e0876baad4

SHA256: 8084A9C0BC8B422EF98E2D0F50A5F04DE3BA76AA379346D4BDAC5D23682D0663

File Size: 131.07 KB, 131072 bytes

MD5: 522346eabfb982c23e668fd854fcbaf7

SHA1: 58ab5e899f15b0662dd1f681573ae215f9a8726f

SHA256: 2FC6EF990B73A082DE6EEA55F508592DF7F538EEFD7E0D40AEA5EB2D47323E6B

File Size: 1.77 MB, 1774080 bytes

MD5: 2d0ae11c05e456ec831cedffc9dd4581

SHA1: 65f61ddbb7c1c274d56526560b2a3d6b280fbda1

SHA256: A04560B29E7D21FB7657A3BC08FF3B227B484309517E7F144D9F810555A095FB

File Size: 2.74 MB, 2735104 bytes

MD5: 9c1ab8575168088eded7a1c94aaf802c

SHA1: 4ffe9218d371b3b0707055ca733580446be1c804

SHA256: 15ED565F29EBE23B5D63426E50068A4235E452E9F73812A9B0F7EA40177ACB73

File Size: 278.53 KB, 278528 bytes

MD5: 50caab5b3cbb1ced9ecbb998dabae74e

SHA1: cf656abc4514d2ef059d010ac634a5cbb159a5b0

SHA256: E10C65DE4519BC1EA217F5755E3E2D463F04CBE5147F387D082CF2821DE2D098

File Size: 411.14 KB, 411136 bytes

MD5: f3de164bb2133f8243bed7c4e237ad5f

SHA1: d29e58ba5f5233f7c2682dcec1eb5b22a8980b48

SHA256: 74C82CC70F11177A9792D58635885F1CC115D64C2E7A01F2A7F4E8740FD26CC3

File Size: 217.64 KB, 217639 bytes

MD5: bef099cee0a5c58aee45f53bab7ed82f

SHA1: e19de81376582d8931ae933499e4428c8a445ef2

SHA256: 787237DA95F8D562373A7753B66DFA16B05F85E8D445778B435BEC0CE7572ED8

File Size: 107.52 KB, 107520 bytes

MD5: 2853c8c8bfa913e20ae142274addcc0c

SHA1: f5727f831034412f2eab73b9aad537e0e7ad2cd6

SHA256: 508A740910F4749295628B1128D008AFE19F6F3463021496D18B1A3A28482389

File Size: 57.86 KB, 57856 bytes

MD5: 7386c345775ad5b228ba58951d7d56d5

SHA1: 2e14a9c3b359d21e9db878498b23ef995e272b32

SHA256: 0313DA687024A792AF156370CFEF850431063788830F09A85DE6ECDA5AEF3A6A

File Size: 229.89 KB, 229888 bytes

MD5: 892935f7b969cf3e8ae4fd9420cb6361

SHA1: b8dedc3feff46d0c2917868b8f473d90adf2c5e9

SHA256: 1B2D6B188618A9C8807748783EB339CEEC03A63CBA198EB647B08532EB1D2EEE

File Size: 330.24 KB, 330240 bytes

MD5: 13bf6b690853887f3d1fb4b785c29c37

SHA1: 744f9e2348824f744cbbb7955fd857ef47973895

SHA256: 69F1BC98C17C9777FCA81DB5342F443852333D8E046E95560593241C7DAFCA21

File Size: 17.91 KB, 17913 bytes

MD5: 31a3ff9dd69dd3441c50e92f5808ca43

SHA1: d91cfce794fc5c550d93b4bbe0c8ccfbb3929e8b

SHA256: BF30945546C115732864668EA746D56FBD05594BB75800E21C5D3F09937C15D5

File Size: 6.08 MB, 6078464 bytes

MD5: 6f11a72a45b36d5d43d1a46810496e0e

SHA1: edae2ad37d349daefcba3e3e6485d8e4311b6d67

SHA256: A3F4192AB9460E9BA78D91056D17B6F0C9DCE18BC40E3AA3B6039862760702D5

File Size: 423.52 KB, 423518 bytes

MD5: 32fe8e1b784d4a187cf716feb81cca06

SHA1: b69e48dfd2c1ae16a102b7db4b0be4fca13a557b

SHA256: 28B607CED70F58777AEF28BE068841F206A4EF8C19A23EEAC2936D6BD3EAA4AD

File Size: 1.33 MB, 1328232 bytes

MD5: feeed337f32dbfd28f3da8f17c38f46a

SHA1: 168c748e710e30d8f84885c2d974463943e7db85

SHA256: 7C0B2B143CE3311177D789EB3232A1C72FC6A2D94EA8C16EC28A0B1BFFFFE097

File Size: 205.82 KB, 205824 bytes

MD5: ad0766b61863d2438f91f73f4edb32e7

SHA1: c987f6565759dcccd3f8cf5bb99635f3631f393e

SHA256: 63B4D9B82DD1BE207302B5946BE485DCE3E8AE6BD1728D6F97006B3404E5F3F5

File Size: 770.05 KB, 770048 bytes

MD5: c5ad54fce44e33773a339534c486c988

SHA1: d03e1f8c8eeda21e5cd2b85c9cc1eed144cde898

SHA256: CF423B0393FF2EFC1A9797A1E89565D09DA5DD4E13B64DA7EB2FB20EB3A4A92D

File Size: 179.71 KB, 179712 bytes

MD5: 1f5819f433155d58e6a36ca08c317a4d

SHA1: eb7857c0ae2abece28116a6d6f18798f7639c57f

SHA256: 269216E3FD7356E1443F16CC4A1AD07B3182D8436AC966DDCDF14ABBB5860459

File Size: 114.22 KB, 114218 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

77 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Author	musvc Hack4cent
Comments	Adorage Application A simple disk transfer rate tester for WinNT Created with E-Batch maker v1.3 Help Documents with Partition Assistant. ST10Flasher UIU Build. Includes all features.
Company Name	3ivx Technologies Pty. Ltd. almalik cobra Aomei Technology Co., Ltd Conexant Systems, Inc. Electronic Arts Inc. Huidu InstallShield Software Corporation Lavalys, Inc. Macromedia, Inc. Microsoft Corporation Show More proDAD GmbH Scienter Technologies (Pte.) SOFTWIN S SteelBytes STMicroelectronics Treyarch LLC Valve Vision Objects Winamp SA
Favorite Website	http://www.AT4RE.com
File Description	3ivx MPEG-4 5.0.4 Configurator 32-bit Setup Launcher almalik cobra BitDefen Change Computer Performance Settings Conexant Universal Device Install/Uninstall Application Electronic Arts AutoRun English to Bangla Dictionary with bangla to english search, vocabulary tests and practices EVEREST Ultimate Edition 2007 Flahser for ST10 family embeded flash Show More Half-Life Launcher HD2018 Help Documents Input Personalization Server InstallShield (R) Setup Launcher LUpdate MFC Application Macromedia Flash Player 7.0 r14 Manages scheduled tasks MyScript Notes Application People Near Me proDAD Adorage 3.0 Application rm2303 MFC Application steel_debug Timer MFC Application Userinit Logon Application Winamp Agent Windows Command Processor Windows PowerShell Windows Update
File Version	V1.0.35.3656 106.42.73 10.0.26100.5074 (WinBuild.160101.0800) 10.0.19041.4355 (WinBuild.160101.0800) 10.0.19041.746 (WinBuild.160101.0800) 10.0.19041.1 (WinBuild.160101.0800) 7.5.7601.17514 (win7sp1_rtm.101119-1850) 7, 01, 100, 1248 7,0,14,0 6.1.7601.17514 (win7sp1_rtm.101119-1850) Show More 6.1.7600.16385 (win7_rtm.090713-1255) 6.00.0154 5, 52, 164, 0 5,9,2,10042 5, 0, 4, 168 3.80.873 Beta 3.1.2.0 2.00.0075 2.0.0.1 2, 0, 0, 21 2,0,0,0 1.4.0.43 1.3.0.0 1.09.01 1.00 1.0 1, 3, 0, 1 1, 2, 0, 0 1, 1, 1, 1 1, 1, 0, 4 1, 0, 0, 1
Internal Name	3ivxConfig almalik cobra AutoRun7.exe Bangla Dictionary cmd EVEREST fsquirt.exe Half-Life Launcher HD2018.exe Help.exe Show More InputPersonalization.exe Inventory ISPNickel LUpdate Macromedia Flash Player 7.0 MyScript Notes p2phost.exe POWERSHELL proDAD Adorage 3.0 rm2303 schtasks.exe SDIAG ST10Flasher steel_debug SystemPropertiesPerformance userinit Winamp Agent wuauclt.exe © Microsoft Corporation. All rights reserved. фжзрюкшэщ
Legal Copyright	2528-6 @STMicroelectronics 2000 Copyright (c) 3ivx Technologies Pty. Ltd. 1999-2011. All rights reserved. Copyright (C) 1990-2002 InstallShield Software Corporation Copyright (c) 1996-2003 Copyright (C) 2000 Copyright (C) 2002 Copyright (C) 2003-2006 Copyright (c) 2003-2007 Lavalys, Inc. Copyright (C) 2008 Show More Copyright (C) 2009 Aomei Technology Co., Ltd. All Rights Reserved. Copyright (C) 2010 by proDAD GmbH, All Rights Reserved. Copyright (C) Huidu Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111 Copyright © 1996-2003 Macromedia, Inc. Copyright © 1997-2023 Winamp SA Copyright © 2000 Copyright © 2000-2004 SteelBytes. All rights reserved. Copyright© Conexant Systems, Inc. 2004 Waliul islam mondal www.cobra.arabe.pro © 2004-2005 Electronic Arts Inc. © Microsoft Corporation. All rights reserved.
Legal Trademarks	Macromedia Flash Player Nullsoft and Winamp are trademarks of Winamp SA
Original Filename	3ivxConfig.exe Adorage.exe AutoRun7.exe BanglaDictionary.EXE Cmd.Exe everest.exe fsquirt.exe HD2018.exe Help.exe hl.exe Show More InputPersonalization.exe Inventory.exe LUpdate.EXE MyScriptNotes.EXE nedwp p2phost.exe PowerShell.EXE rm2303.EXE SAFlashPlayer.exe sctasks.exe SDIAG.EXE Setup.exe ST10Flasher.exe steel_debug.exe SystemPropertiesPerformance.EXE USERINIT.EXE winampa.exe wuauclt.exe © Microsoft Corporation. All rights reserved..exe
Product Name	3ivx MPEG-4 5.0.4 almalik cobra Conexant Universal Device Install/Uninstall Application Electronic Arts AutoRun English to Bangla Dictionary with bangla to english search, vocabulary tests and practices for GRE,TOEFL and others EVEREST Ultimate Edition 2007 HD2018 hd_speed InstallShield (R) InstallShield® Show More Inventory Control LUpdate Application Microsoft® Windows® Operating System MyScript Notes Partition Assistant Help proDAD Adorage 3.0 rm2303 Application Sapco Automotive Diagnostic Shockwave Flash ST10Flasher2.0. November 2000 Steam Half-Life Launcher Treyarch LLC steel_debug Winamp люзанх
Product Version	V1.0.35 106.4 10.1.10.11 10.0.26100.5074 10.0.19041.4355 10.0.19041.746 10.0.19041.1 7.5.7601.17514 7, 01 7,0,14,0 Show More 6.1.7601.17514 6.1.7600.16385 6.00.0154 5, 52 5,9,2,10042 5, 0, 4, 168 3.80 3.1.2.0 2.00.0075 2.0.0.1 2, 0, 0, 21 2,0,0,0 1.4.0.43 1.09.01 1.00 1.0 1, 3, 0, 1 1, 2, 0, 0 1, 1, 1, 1 1, 1, 0, 4 1, 0, 0, 1

File Traits

.UPX
2+ executable sections
big overlay
GetConsoleWindow
HighEntropy
Installer Manifest
Installer Version
MPRESS
MPRESS Win32
Native MPRESS x86

No Version Info
ntdll
packed
PEC2
SusSec
upx
UPX!
vb6
VirtualQueryEx
virut
WinZip SFX
x64
x86
ZIP (In Overlay)
ZIPinO
Zprotect

Block Information

Total Blocks:	258
Potentially Malicious Blocks:	0
Whitelisted Blocks:	239
Unknown Blocks:	19

Visual Map

? ? 0 ? ? ? 0 0 ? ? ? ? ? ? 0 0 ? ? 0 ? ? ? ? 0 0 ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.EDA
Agent.XFL
BadJoke.XA
DataStealer.A
DataStealer.B

Downloader.Agent.GH
Expiro.A
Expiro.KA
Farfli.CF
Floxif.D
IEHelper.B
Keylogger.DF
KillMBR.XB
Kryptik.VCKV
Lamer.CF
Lotok.A
Lumma.NB
Poison.X
Ramnit.V
Sabsik.G
SchwarzeSonneRAT.A
Spy.Keylogger.X
Stealer.BBA
Talsab.A
Virut.I
Virut.IB
Virut.IE
Virut.IF
Wacapew.CB
Wapomi.F
Zegost.M

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\crm_modu.mod	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\dos_font.fon	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\exitframe.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\exitframe_mask.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\exitskin.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data

c:\users\user\appdata\local\temp\framevorstellung.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\framevorstellung_hl.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\framevorstellung_mask.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\generell.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\icf.zip	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\install_hl.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\install_mask.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\installframe.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\instskin.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\lgw594f.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\mainskin.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nfoframe.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nfoframe_hl.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nfoframe_mask.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nfoskin.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\pdx.x	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\winhqwag.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\winhqwag.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\winhqwag.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~df644eeca3e38399c0.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\~df8215389a629b47e5.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\ike.log	Generic Write,Read Attributes
c:\users\user\downloads\ikecrash.log	Generic Write,Read Attributes
c:\users\user\downloads\liblist.gam	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\liblist.gam	Synchronize,Write Attributes
c:\users\user\downloads\temp\shsandbox-win32.dll-5.22.1.9999-x86.dmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\gupd.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\142a1	Generic Write,Read Attributes
c:\windows\system.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system32\drivers\etc\hosts	Generic Write,Read Attributes
c:\windows\syswow64\bassmod.dll	Generic Write,Read Attributes
c:\windows\syswow64\unace.dll	Generic Write,Read Attributes
c:\windows\syswow64\unrar.dll	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\run::gtalkupdate	C:\Users\Qjhwyket\gupd.exe	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\096a6178c5c66bb2211219f2154b3a7bb467caee_0000048128.exe	c:\users\user\downloads\096a6178c5c66bb2211219f2154b3a7bb467caee_0000048128.exe:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\84b5fb6e21b989d5cb26a708a2de33394c1d1bab_0000558592.exe	c:\users\user\downloads\84b5fb6e21b989d5cb26a708a2de33394c1d1bab_0000558592.exe:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\a2aaae3d7fcbaaa3a84e2ba1d19becc6a2036825_0000109568	c:\users\user\downloads\a2aaae3d7fcbaaa3a84e2ba1d19becc6a2036825_0000109568:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\893f1a3d9f6bc6ec5ad22e16ca056cdea7a75712_0000561152	c:\users\user\downloads\893f1a3d9f6bc6ec5ad22e16ca056cdea7a75712_0000561152:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKCU\control panel\international::sshortdate	dd/MM/yyyy	RegNtPreCreateKey
HKCU\control panel\international::idate	0	RegNtPreCreateKey
HKCU\control panel\international::sdate	/	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride		RegNtPreCreateKey

HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications		RegNtPreCreateKey
HKCU\software\jguh::u1_0	啕啕	RegNtPreCreateKey
HKCU\software\jguh::u2_0	ᖍ	RegNtPreCreateKey
HKCU\software\jguh::u3_0	権ă	RegNtPreCreateKey
HKCU\software\jguh::u4_0		RegNtPreCreateKey
HKCU\software\jguh::u1_1	䴜㱃	RegNtPreCreateKey
HKCU\software\jguh::u2_1	書牥	RegNtPreCreateKey
HKCU\software\jguh::u3_1	ᥜ獦	RegNtPreCreateKey
HKCU\software\jguh::u4_1	獵牥	RegNtPreCreateKey
HKCU\software\jguh::u1_2	ꋏꁼ	RegNtPreCreateKey
HKCU\software\jguh::u2_2		RegNtPreCreateKey
HKCU\software\jguh::u3_2	賃	RegNtPreCreateKey
HKCU\software\jguh::u4_2		RegNtPreCreateKey
HKCU\software\jguh::u1_3	婯䁹	RegNtPreCreateKey
HKCU\software\jguh::u2_3	俒地	RegNtPreCreateKey
HKCU\software\jguh::u3_3	ぶ嘳	RegNtPreCreateKey
HKCU\software\jguh::u4_3	婟地	RegNtPreCreateKey
HKCU\software\jguh::u1_4	鼭ⷤ	RegNtPreCreateKey
HKCU\software\jguh::u2_4		RegNtPreCreateKey
HKCU\software\jguh::u3_4	ꟽ좖	RegNtPreCreateKey
HKCU\software\jguh::u4_4	췔즕	RegNtPreCreateKey
HKCU\software\jguh\1214104697::1919251317		RegNtPreCreateKey
HKCU\software\jguh\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\jguh\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\jguh\1214104697::-912929324		RegNtPreCreateKey
HKCU\software\jguh\1214104697::1006321993	K	RegNtPreCreateKey
HKCU\software\jguh\1214104697::-1369393986	http://padrup.com/sobaka1.gifhttp://190.120.227.91:8080/sobak	RegNtPreCreateKey
HKCU\software\jguh\1214104697::549857331		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\f19387ffd62032495f10f6f11a94401279195d48_0000172032	c:\users\user\downloads\f19387ffd62032495f10f6f11a94401279195d48_0000172032:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\db993b231f0b348538a23bd6ca6acd219eaa3bfe_0000086528	c:\users\user\downloads\db993b231f0b348538a23bd6ca6acd219eaa3bfe_0000086528:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\a633a12d29892fbb2220c892c92b12a8d4c4eebe_0000054272	c:\users\user\downloads\a633a12d29892fbb2220c892c92b12a8d4c4eebe_0000054272:*:enabled:@shell32.dll,-1	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\fonts::dos_font	dos_font.fon	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317	Û	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662		RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655		RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324	#	RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993	é	RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986	http://affiliate.free.rongrean.com/logo.gifhttp://demo.mosiva	RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331		RegNtPreCreateKey
HKCU\software\apcr::u1_0	鱞댶	RegNtPreCreateKey
HKCU\software\apcr::u2_0	⏑	RegNtPreCreateKey
HKCU\software\apcr::u3_0	権ă	RegNtPreCreateKey
HKCU\software\apcr::u4_0		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\direct3d\mostrecentapplication::name	3f0e32e667afda4150c8c8ad9428b17dae6a8c10_0004874240	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\explorer::maxlimit2	RBUZBSTYDS46014	RegNtPreCreateKey

Windows API Usage

Category	API
Network Wininet	InternetOpen InternetOpenUrl
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
User Data Access	GetComputerName GetUserName GetUserObjectInformation
Keyboard Access	GetAsyncKeyState GetKeyState
Network Winsock2	WSAStartup
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Shell Execute	CreateProcess
Syscall Use	ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtOpenKeyEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtTestAlert ntdll.dll!NtWaitLowEventPair Show More ntdll.dll!NtWriteFile UNKNOWN

Shell Command Execution


							C:\Users\Hnnkwzqe\AppData\Local\Temp\LgW594F.tmp c


							c:\users\user\downloads\e19de81376582d8931ae933499e4428c8a445ef2_0000107520  -deleter

Virus.Virut

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Virus.Virut

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed