Concrete signature match: Trojan (a program that appears legitimate but performs malicious actions), targeting the 32-bit Windows platform; detection family: AntiVm.
Relevant strings associated with this threat (the engine's string-match type is shown in parentheses after each entry; several entries appear to have lost their internal whitespace during extraction, e.g. `/C-ExclusionPathAdd-MpPreference` and `taskkill/IM.exe`, so they should not be used verbatim as search patterns). Taken together, the strings point to VM/sandbox detection (`drivers\vmmouse.sys`, `drivers\vmhgfs.sys`, `SbieDll.dll`, the `Win32_ComputerSystem` WMI query), anti-debugging (`taskkill` of OllyDbg and HTTPDebugger), a byte-reversed `CurrentVersion\Run` registry path, self-deletion via `choice ... & Del`, what looks like Defender exclusion and UAC-prompt (`ConsentPromptBehaviorAdmin`) tampering, and `schtasks /sc onlogon /rl highest` persistence. Generic entries such as `rundll32` or the `Run` key on their own also occur in legitimate software, so treat the set as a combined signature rather than as individual IOCs: - AntiVmWare (PEHSTR) - newstub.VmDetector (PEHSTR_EXT) - newstub.IWshRuntimeLibrary (PEHSTR_EXT) - \RegAsm.exe (PEHSTR_EXT) - /C choice /C Y /N /D Y /T 3 & Del " (PEHSTR_EXT) - SOFTWARE\Microsoft\Windows\CurrentVersion\Run (PEHSTR_EXT) - SbieDll.dll (PEHSTR_EXT) - Select * from Win32_ComputerSystem (PEHSTR_EXT) - \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS (PEHSTR_EXT) - AntiVmWare (PEHSTR_EXT) - SELECT * FROM Win32_ComputerSystem (PEHSTR_EXT) - AntiVm (PEHSTR_EXT) - cangku\WinOsClientProject (PEHSTR_EXT) - drivers\vmmouse.sys (PEHSTR_EXT) - drivers\vmhgfs.sys (PEHSTR_EXT) - taskkill /f /im OllyDbg.exe (PEHSTR_EXT) - taskkill /f /im HTTPDebugger.exe (PEHSTR_EXT) - cositas.pdb (PEHSTR_EXT) - taskkill/IM.exe (PEHSTR_EXT) - /C-ExclusionPathAdd-MpPreference (PEHSTR_EXT) - powershell.execmd.exeProcessTracker.exeWindowsDefender.exestart (PEHSTR_EXT) - regaddHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System/vConsentPromptBehaviorAdmin (PEHSTR_EXT) - nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS (PEHSTR_EXT) - /c taskkill.exe /im chrome.exe /f (PEHSTR_EXT) - /c schtasks /create /f /sc onlogon /rl highest /tn (PEHSTR_EXT) - Google\Chrome\User Data\Default\Local Extension Settings (PEHSTR_EXT) - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT) - rundll32 (PEHSTR_EXT) - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT) - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT) - !#HSTR:ExecutionGuardrails (PEHSTR_EXT) - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT) - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT) - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Sample hash (64 hexadecimal characters, consistent with SHA-256): 1a7459f21ffafdad32a74c37bab2c625a1751ad3aadccfc147006177d044f986