https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429189#M8074 <P>Thank you for your help <SPAN class="lia-unicode-emoji" title=":slightly_smiling_face:"><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></SPAN></P> Fri, 06 Apr 2018 13:07:21 GMT Fire_Dragon 2018-04-06T13:07:21Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429185#M8070 <P>I was looking at some security events in my Meraki dashboard and it seems to be showing this malicious filename: W32.4E846BBEDE-95.SBX.TG when I visit the virus total link attached to this finding it gives me different information. I have googled this malicious filename and found that it was linked to a malicious Microsoft Powerpoint exe file. What I am trying to gather here is what exactly does this virus do to the system? Any information would help.</P><P>Thanks!</P><P><A href="https://www.virustotal.com/en/file/4e846bbede5e4a76cf1686c145a595d9cdfed95e598a5132e79f7f72cfda0e36/analysis/" target="_blank" rel="external nofollow noopener noreferrer">https://www.virustotal.com/en/file/4e846bbede5e4a76cf1686c145a595d9cdfed95e598a5132e79f7f72cfda0e36/analysis/</A></P> Fri, 06 Apr 2018 00:16:22 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429185#M8070 Fire_Dragon 2018-04-06T00:16:22Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429186#M8071 <P>Were there any other details? I googled that filename and didn't find anything. </P> Fri, 06 Apr 2018 00:56:55 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429186#M8071 simple818 2018-04-06T00:56:55Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429187#M8072 <P>Same here I looked everywhere and could not find anything on it. The virus total link I posted at the bottom said Roblox as the file name. I looked up this hash associated with the file <SPAN>4e846bbede5e4a76cf1686c145a595d9cdfed95e598a5132e79f7f72cfda0e36 and got this.</SPAN></P><P><SPAN><A href="https://www.hybrid-analysis.com/sample/4e846bbede5e4a76cf1686c145a595d9cdfed95e598a5132e79f7f72cfda0e36" target="_blank" rel="nofollow noopener noreferrer">https://www.hybrid-analysis.com/sample/4e846bbede5e4a76cf1686c145a595d9cdfed95e598a5132e79f7f72cfda0e36</A></SPAN></P><P><SPAN>Hope this helps.</SPAN></P> Fri, 06 Apr 2018 01:01:59 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429187#M8072 Fire_Dragon 2018-04-06T01:01:59Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429188#M8073 <P>Microsoft classifies it as a PUA:Win32/InstallCore,</P><P>Summary</P><DIV class="summaryText"><DIV><P class="x-hidden-focus">This application was stopped from running on your network because it has a poor reputation. This application can also affect the quality of your computing experience. We have seen this leading to the following potentially unwanted behaviors on PCs:</P><P class="x-hidden-focus"> </P><UL><LI>Adds files that run at startup</LI><LI>Modifies file associations</LI><LI>Injects into other processes on your system</LI><LI>Injects into browsers</LI><LI>Changes browser settings</LI><LI>Changes browser shortcuts</LI><LI>Installs browser extensions</LI><LI>Disables User Access Control (UAC)</LI></UL><P class="x-hidden-focus">These applications are most commonly software bundlers or installers for applications such as toolbars, adware, or system optimizers. We have observed this application installing software that you might not have intended on your PC.</P><P>If you were trying to install an application, you might have downloaded it from a source other than the official product's website.</P><P>We usually see this application installed on PCs in the following countries. This list is sorted according to prevalence:</P><UL><LI>United States</LI><LI>Brazil</LI><LI>France</LI><LI>Poland</LI><LI>Spain</LI></UL><P><A title="Source" href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/InstallCore" target="_self" rel="nofollow noopener noreferrer">Source</A></P></DIV></DIV> Fri, 06 Apr 2018 07:56:16 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429188#M8073 Zedilt 2018-04-06T07:56:16Z https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429189#M8074 <P>Thank you for your help <SPAN class="lia-unicode-emoji" title=":slightly_smiling_face:"><span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></SPAN></P> Fri, 06 Apr 2018 13:07:21 GMT https://community.cisco.com/t5/cloud-networking-platform/malicious-file/m-p/5429189#M8074 Fire_Dragon 2018-04-06T13:07:21Z