Virus: Generic.e!71CDC3201116


This is virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it’s quite common for viruses to do nothing more than spread from one system to another.

Aliases –
Microsoft    –    Trojan:Win32/Bagsu!rfn

Symantec    –    Trojan.Gen

Indication of Infection

Presence of above mentioned activities

Methods of Infection

“Generic.e!71CDC3201116” searches local drives, removable and network shares for Windows PE executable files to infect. It replaces the original entry point of the files it infects with its viral code and appends itself to the last section of the PE image

Generic.e!71CDC3201116” is a parasitic virus that infects Win32 PE executable files.

Upon execution the Virus tries to connect to the following IPs.


Upon execution the following files have been added to the system:


The below entries confirm that the Virus gets executed on every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Firewall: “%TEMP%\lsass.exe”

HKEY_USER\S-1-5-21-[varies]\Software\Microsoft\Windows\CurrentVersion\Run\Windows Firewall: “%TEMP%\lsass.exe”


Leave a Reply

Your email address will not be published. Required fields are marked *