File Behavior
V1CBVSMQ.EXE has been seen to perform the following behavior:
* The Process is packed and/or encrypted using a software packing process
* This process creates other processes on disk
* Writes to another Process's Virtual Memory (Process Hijacking)
* The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
* Violates Windows/Vista Physical Memory Protection allowing it to look inside the data areas of other programs
* This Process Deletes Other Processes From Disk
* Adds a Registry Key (RUN) to auto start Programs on system start up
* Executes a Process
* Copies files
* Injects code into other processes
V1CBVSMQ.EXE has been the subject of the following behavior:
* Deleted as a process from disk
* Created as a process on disk
* Executed as a Process
* Has code inserted into its Virtual Memory space by other programs
* Added as a Registry auto start to load Program on Boot up
* Copied to multiple locations on the system
Country Of Origin
The filename V1CBVSMQ.EXE was first seen on Nov 7 2009 in the following geographical regions of the Prevx community:
* The EUROPEAN UNION on Nov 7 2009
* TURKEY on Nov 8 2009
* GREAT BRITAIN on Nov 8 2009
* YEMEN on Nov 16 2009
File Name Aliases
V1CBVSMQ.EXE can also use the following file names:
* L61YYP.EXE
* HERSS.EXE
* DPLYMK~1.EXE
* DPLYMS~1.EXE
* 93968559.EXE
Filesizes
The following file size has been seen:
* 115,973 bytes
* 1,856,773 bytes
* 292,312 bytes
* 292,316 bytes
File Type
The filename V1CBVSMQ.EXE refers to many versions of an executable program.
المفضلات