Worm.Win32.WBNA.aot

By GoldSparrow in Worms

Threat Scorecard

Popularity Rank:	17,852
Threat Level:	50 % (Medium)
Infected Computers:	173

First Seen:	August 23, 2011
Last Seen:	February 18, 2026
OS(es) Affected:	Windows

Worm.Win32.WBNA.aot is a dangerous worm that copies itself to spread from one computer system to another and runs as a hidden background process to bypass the detection of security programs. Worm.Win32.WBNA.aot uses malicious tricks to download harmful malware items from the web. Worm.Win32.WBNA.aot opens up firewalls and gathers personal information and transmits it to remote hackers. It is strongly recommended to remove Worm.Win32.WBNA.aot as quickly as possible to protect your computer.

Table of Contents

File System Details

Worm.Win32.WBNA.aot may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%AppData%\cnqsm.exe
Name: %AppData%\cnqsm.exe Type: Executable File Group: Malware file
2.	%AppData%\manager.exe
Name: %AppData%\manager.exe Type: Executable File Group: Malware file
3.	%AppData%\5ykq.log
Name: %AppData%\5ykq.log Group: Malware file

Registry Details

Worm.Win32.WBNA.aot may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Local Account Authority Service\Security

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database

HKEY_LOCAL_MACHINE\SOFTWARE\tgs90gv74r

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Local Account Authority Service

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cnqsm\DEBUG

HKEY_LOCAL_MACHINE\SOFTWARE\skd3uf1wbd

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT\0000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT\0000\Control

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\cnqsm

HKEY_LOCAL_MACHINE\SOFTWARE\f6h45yhjqa

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT

Analysis Report

General information

Family Name:	Worm.Gamarue.DA
Signature status:	No Signature

Known Samples

MD5: cccdac69aec1c1e50aa0f583907224e5

SHA1: f61d828f067c256fb82bd49efc70ed2e9df4330f

SHA256: 28FB4748B4BCD43C3BC8830A004693005147B9F461139AE4D50726C438F97EA0

File Size: 281.09 KB, 281088 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed

IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Comments	Dagim
Company Name	House
File Description	Sirem
File Version	2, 1, 4, 0
Internal Name	Dafne
Legal Copyright	Copyright Zile© 2009
Legal Trademarks	Sepa©
Original Filename	Midzor
Private Build	Zira
Product Name	Regi
Product Version	1, 2, 2, 8
Special Build	Pakam

File Traits

2+ executable sections
HighEntropy
x86

Block Information

Total Blocks:	115
Potentially Malicious Blocks:	14
Whitelisted Blocks:	84
Unknown Blocks:	17

Visual Map

x x x x x x ? ? ? ? ? ? ? ? ? 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 ? ? x x 0 ? ? ? ? x x ? x x x x ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File	Attributes
c:\users\user\downloads\42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv42c3cdv4	Synchronize,Write Attributes
c:\users\user\downloads\8f067c256fb82bd49efc70ed2e9df4330f_0000281088.mun	Synchronize,Write Attributes
c:\users\user\downloads\`¨nl	Synchronize,Write Attributes
c:\users\user\downloads\f61d828f067c256fb82bd49efc70ed2e9df4330f_0000281088	Synchronize,Write Attributes
c:\users\user\downloads\ldc:\users\user\downloads\f61d828f067c256fb82bd49efc70ed2e9df4330f_0000281088	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list::c:\users\user\downloads\f61d828f067c256fb82bd49efc70ed2e9df4330f_0000281088	c:\users\user\downloads\f61d828f067c256fb82bd49efc70ed2e9df4330f_0000281088:*:enabled:@shell32.dll,-1	RegNtPreCreateKey

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Worm.Win32.WBNA.aot

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Registry Details

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

File Traits

Block Information

Block Information

Visual Map

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Submit Comment

Trending

Hacktool.Autoclicker.PB

Trojan.Agent.GYG

Trojan.Tasker.EA

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

How to Fix 'macOS cannot verify that this app is...

Discord Shows Black Screen when Sharing Screen