
Worm: Win32/Bagsak.A

Posted: April 18, 2016

Threat Metric

Threat Level: 5/10
Infected PCs: 241
First Seen: April 18, 2016
Last Seen: September 18, 2021
OS(es) Affected: Windows

Win32/Bagsak.A is a stealthy worm that may compromise Windows-based computers. It is highly contagious: once Win32/Bagsak.A infects a system, it can quickly spread its code to all connected devices. Win32/Bagsak.A may cause various issues, putting at risk both the security of its victims and the functionality of their Operating Systems (OSes).

Win32/Bagsak.A relies on vulnerabilities to enter a system and carry out its tasks. If you have not updated your programs for a long time, it may be easier for Win32/Bagsak.A to compromise your PC. This applies especially to Adobe and Java, since hackers may target mainly these two applications when they search for loopholes. If you land on an infected Web page that contains harmful JavaScript, Win32/Bagsak.A may enter automatically. Another common distribution strategy may involve spam emails: if you download an attachment from an unknown sender, you may also trigger the infection.

Win32/Bagsak.A will try to modify the Windows Registry immediately to evade detection. It may also make the changes needed to launch at system start-up, so that it is active whenever your machine is running. Win32/Bagsak.A may also create a few new files, such as c:\subst1\flower.exe, c:\subst2\flower.exe and c:\flower.exe. They may not be located in a single folder; Win32/Bagsak.A spreads them across the system, so even if one of them is deleted, Win32/Bagsak.A will continue working.

This threat may turn off the Windows Firewall and deactivate your browser's security features. After that, Win32/Bagsak.A may attempt to connect your PC to remote hosts, which may allow hackers to send instructions to it. Win32/Bagsak.A may start recording your account credentials and transferring them to the Command and Control (C&C) servers. Win32/Bagsak.A may also contribute to the installation of additional threats.

It is essential to have a powerful security program to protect yourself from attacks with Win32/Bagsak.A.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

Regexp file mask: %HOMEDRIVE%\Windows.old1\rundll32.com