About NightWatcher

Malware Hunter.
Author Archives: NightWatcher

Here are my most recent posts.

Trojan.Crossrider1.53170

Trojan.Crossrider1.53170 is also known as W32/S-e57cb847!Eldorado and TR/Crypt.XPACK.Gen.

Malware analysis of Trojan.Crossrider1.53170 (1204754AD77D4FDF81D2CB092EE9E4EE.EXE)

Created files:
  %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\DD1D66FEE382E07E
  %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.DAT
  %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE
  %SYSDIR%\TASKS\NATURALBALANCE
  %WINDIR%\TASKS\NATURALBALANCE.JOB

Detected by UnHackMe: 1204754AD77D4FDF81D2CB092EE9E4EE.EXE
Default location: %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE
Dropper hash (MD5): 1204754ad77d4fdf81d2cb092ee9e4ee

Two details matter for clean-up. The dropped copy is named after its own MD5 and lives in a GUID-named folder under ProgramData (%COMMON APPDATA%), so the file names will differ for every build even though the layout stays the same. And it is kept alive by a scheduled task: NATURALBALANCE under %SYSDIR%\TASKS is the Task Scheduler 2.0 definition and NATURALBALANCE.JOB under %WINDIR%\TASKS is the legacy-format twin of the same task. Deleting the executable without the task leaves a task that keeps firing; deleting the task without the files leaves the payload in place for another dropper to re-register. Remove both, and note that the MD5 identifies this build only, while the folder and task pattern identifies the family.

AdWare/MultiPlug.btut

AdWare/MultiPlug.btut is also known as not-a-virus:HEUR:AdWare.Win32.Generic, TR/Crypt.XPACK.Gen and Win.Adware.Agent-1321919.

Malware analysis of AdWare/MultiPlug.btut (1204754AD77D4FDF81D2CB092EE9E4EE.EXE)

This is the same sample as Trojan.Crossrider1.53170 above (dropper MD5 1204754ad77d4fdf81d2cb092ee9e4ee, detected file 1204754AD77D4FDF81D2CB092EE9E4EE.EXE) under another vendor's name; the created files, default location and the NATURALBALANCE scheduled task are identical to that entry. The only new information is the naming: for this hash vendors use both the Crossrider and the MultiPlug labels, which is worth knowing when correlating alerts from different engines.

Trojan.Crossrider.50422

Trojan.Crossrider.50422 is also known as BehavesLike.Win32.Downloader.th, Gen:Variant.Adware.Mplug.23 and TROJ_GEN.R02KB01LU14.

Malware analysis of Trojan.Crossrider.50422 (6DEE61FA86B346C6AF04B3C62C556394.EXE)

Created files:
  %TEMP%\847715E96FCF\IMAGES\LOADER.GIF
  %TEMP%\847715E96FCF\IMAGES\PROGRESSBAR.GIF
  %TEMP%\847715E96FCF\TEMP\BG.CA
  %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE

Detected by UnHackMe: 6DEE61FA86B346C6AF04B3C62C556394.EXE
Default location: %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE
Dropper hash (MD5): 6dee61fa86b346c6af04b3c62c556394

Everything listed sits in one unpack directory under %TEMP%: installer UI images and a copy of the dropper itself, with no autostart entry recorded. That makes this the MultiPlug/Crossrider installer stage rather than an installed component. The same hash appears three more times below under other vendors' names (Generic6.EDJ, Riskware.Win32.MultiPlug.dlguzj and HW32.Packed.5407). Collect the %TEMP% directory, and if the installer completed on a real host, check for the ProgramData folder plus scheduled-task layout shown in the Trojan.Crossrider1.53170 entry, since the same family is involved.

Generic6.EDJ

Generic6.EDJ is also known as ADWARE/MultiPlug.Gen7, suspected of Heur.Malware-Cryptor.Multiplug and HW32.Packed.5407.

Malware analysis of Generic6.EDJ (6DEE61FA86B346C6AF04B3C62C556394.EXE)

Same sample as Trojan.Crossrider.50422 above (dropper MD5 6dee61fa86b346c6af04b3c62c556394, detected file 6DEE61FA86B346C6AF04B3C62C556394.EXE in %TEMP%\847715E96FCF\TEMP); the created files and default location are identical to that entry, and no autostart entry is recorded.

Riskware.Win32.MultiPlug.dlguzj

Riskware.Win32.MultiPlug.dlguzj is also known as ADWARE/MultiPlug.Gen7, Trojan.Crossrider.50422 and Unwanted-Program ( 0040f9681 ).

Malware analysis of Riskware.Win32.MultiPlug.dlguzj (6DEE61FA86B346C6AF04B3C62C556394.EXE)

Same sample as Trojan.Crossrider.50422 above (dropper MD5 6dee61fa86b346c6af04b3c62c556394, detected file 6DEE61FA86B346C6AF04B3C62C556394.EXE in %TEMP%\847715E96FCF\TEMP); the created files and default location are identical to that entry. Note that the vendor labels span "riskware", "unwanted program", "adware" and "trojan" for one and the same file, so the severity a given product assigns is not a reliable guide on its own.

HW32.Packed.5407

HW32.Packed.5407 is also known as PUP/Win32.MultiPlug, suspected of Heur.Malware-Cryptor.Multiplug and Riskware.Win32.MultiPlug.dlguzj.

Malware analysis of HW32.Packed.5407 (6DEE61FA86B346C6AF04B3C62C556394.EXE)

Same sample as Trojan.Crossrider.50422 above (dropper MD5 6dee61fa86b346c6af04b3c62c556394, detected file 6DEE61FA86B346C6AF04B3C62C556394.EXE in %TEMP%\847715E96FCF\TEMP); the created files and default location are identical to that entry. The "Packed" and "Cryptor" names indicate the detection fired on the packer, which is why the same file collects so many generic labels.

malicious (high confidence) pe1

malicious (high confidence) pe1 is also known as not-a-virus:HEUR:AdWare.Win32.Generic, Adware.Installerex.A8 and virus.win32.jadtre.l.

Malware analysis of malicious (high confidence) pe1 (17203295CBEB941B1C8A1B3FCD5AE960.EXE)

Created files:
  %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\CE58FBA10789F1BB
  %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.DAT
  %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.EXE
  %SYSDIR%\TASKS\PROJECTORCONTROL
  %WINDIR%\TASKS\PROJECTORCONTROL.JOB

Detected by UnHackMe: 17203295CBEB941B1C8A1B3FCD5AE960.EXE
Default location: %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.EXE
Dropper hash (MD5): 17203295cbeb941b1c8a1b3fcd5ae960

Same layout as Trojan.Crossrider1.53170 above: a GUID-named folder in ProgramData holding an .EXE and a .DAT named after the dropper's MD5 plus a 16-hex-character file, kept alive by a scheduled task (here PROJECTORCONTROL). The task name and the GUID differ between the two samples, so the pattern, not the literal names, is what to hunt for: a task in %WINDIR%\Tasks that launches an executable from a {GUID} folder under ProgramData (the task action is not printed here, but the dropped .EXE is the only executable the sample leaves behind). The virus.win32.jadtre.l alias is the odd one out; nothing in the file list suggests file infection, and the other names agree on adware/installer.

AdWare/MultiPlug.cjbi

AdWare/MultiPlug.cjbi is also known as Gen:Variant.Adware.MultiPlug, SMG.Heur!gen and ADWARE/MultiPlug.Gen7.

Malware analysis of AdWare/MultiPlug.cjbi (17203295CBEB941B1C8A1B3FCD5AE960.EXE)

Same sample as malicious (high confidence) pe1 above (dropper MD5 17203295cbeb941b1c8a1b3fcd5ae960, detected file 17203295CBEB941B1C8A1B3FCD5AE960.EXE); the created files, default location and the PROJECTORCONTROL scheduled task are identical to that entry. These aliases settle the family for that hash as MultiPlug.
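The entries above print their indicators as one run-on line with sandbox placeholders rather than real paths. The following Python is an example added by the editor, not UnHackMe's tooling or the post author's code: it parses an excerpt in that layout, expands the placeholders against a host's environment (the placeholder-to-variable mapping is this example's assumption, drawn from the names the page uses), pulls out the scheduled-task names, and checks a host for the listed files, hashing any that exist against the dropper MD5. The sample excerpt is copied from the Trojan.Crossrider1.53170 entry.

```python
"""Turn the sandbox-style "Created files" / "Dropper hash" excerpts on this
page into hunt-ready indicators and check a host for them.

Example code added by the editor; it is not UnHackMe's tooling or the post
author's.  The placeholder names (%COMMON APPDATA%, %SYSDIR%, ...) are the
page's own; mapping them to real environment variables is this example's
assumption."""
import hashlib
import os
import re
from dataclasses import dataclass

# One excerpt, copied from the Trojan.Crossrider1.53170 entry above
# (constructed input for the example; the page prints it as one line).
SAMPLE_EXCERPT = (
    "Created files: "
    r"%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\DD1D66FEE382E07E "
    r"%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.DAT "
    r"%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE "
    r"%SYSDIR%\TASKS\NATURALBALANCE "
    r"%WINDIR%\TASKS\NATURALBALANCE.JOB "
    "Detected by UnHackMe: 1204754AD77D4FDF81D2CB092EE9E4EE.EXE "
    r"DEFAULT LOCATION: %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE "
    "Dropper hash(md5): 1204754ad77d4fdf81d2cb092ee9e4ee"
)

# Section labels as the page writes them (case varies between entries).
EXCERPT_RE = re.compile(
    r"Created files:\s*(?P<files>.*?)"
    r"(?:\s*Autostart registry keys:\s*(?P<reg>.*?))?"
    r"\s*Detected by UnHackMe:\s*(?P<detected>\S+)"
    r"\s*Default location:\s*(?P<location>.*?)"
    r"\s*Dropper hash\(md5\):\s*(?P<md5>[0-9a-f]{32})",
    re.IGNORECASE | re.DOTALL,
)
# Items are run together with spaces and some contain spaces themselves
# (%COMMON APPDATA%, "IQIYI VIDEO"), so split where the next item starts.
PATH_START_RE = re.compile(r"(?=%[A-Za-z][A-Za-z ]*%\\)")
REG_START_RE = re.compile(r"(?=HK(?:LM|CU|CR|U|EY_[A-Z_]+)\\)")
TASK_JOB_RE = re.compile(r"\\TASKS\\([^\\]+)\.JOB$", re.IGNORECASE)


def _split(regex, blob):
    return [item.strip() for item in regex.split(blob or "") if item.strip()]


@dataclass
class Iocs:
    files: list          # paths with the page's placeholders intact
    registry: list       # raw "KEY\VALUE: data" entries, if any
    detected: str        # file name UnHackMe flags
    location: str        # where that file is expected
    md5: str             # dropper hash, lower-case hex

    @property
    def scheduled_tasks(self):
        """Names of legacy Task Scheduler jobs (%WINDIR%\\Tasks\\*.job)."""
        return [m.group(1) for p in self.files for m in [TASK_JOB_RE.search(p)] if m]


def parse_excerpt(text):
    m = EXCERPT_RE.search(text)
    if not m:
        raise ValueError("excerpt does not follow the page's layout")
    return Iocs(
        files=_split(PATH_START_RE, m.group("files")),
        registry=_split(REG_START_RE, m.group("reg")),
        detected=m.group("detected"),
        location=m.group("location").strip(),
        md5=m.group("md5").lower(),
    )


def host_env(environ=os.environ):
    """Resolve the page's placeholders from a Windows environment.  Assumed
    mapping; a 32-bit sample on 64-bit Windows may really have written to
    SysWOW64 where the page says %SYSDIR%."""
    root = environ.get("SystemRoot", r"C:\Windows")
    return {
        "COMMON APPDATA": environ.get("ProgramData", r"C:\ProgramData"),
        "APPDATA": environ.get("APPDATA", ""),
        "TEMP": environ.get("TEMP", ""),
        "WINDIR": root,
        "SYSDIR": root + r"\System32",
        "SYSTEMDRIVE": environ.get("SystemDrive", "C:"),
        "PROFILE": environ.get("USERPROFILE", ""),
        "PROGRAM FILES": environ.get("ProgramFiles", r"C:\Program Files"),
    }


def expand(path, env):
    """Replace the leading %PLACEHOLDER% with its concrete value."""
    m = re.match(r"%([^%]+)%", path)
    if not m:
        return path
    return env[m.group(1).upper()] + path[m.end():]


def file_md5(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_host(iocs, env, isfile=os.path.isfile, md5_of=file_md5):
    """Return (path, md5, is_exact_dropper) for each listed file that exists.
    A path hit without a hash match still matters: the MD5 identifies one
    build only, while the folder and task names identify the family."""
    hits = []
    for raw in iocs.files:
        path = expand(raw, env)
        if isfile(path):
            digest = md5_of(path).lower()
            hits.append((path, digest, digest == iocs.md5))
    return hits


if __name__ == "__main__":
    iocs = parse_excerpt(SAMPLE_EXCERPT)
    print("dropper md5:", iocs.md5, "tasks:", iocs.scheduled_tasks)
    for hit in check_host(iocs, host_env()):
        print("HIT", hit)
```

Run it on a Windows host as the user whose profile you are checking, since %APPDATA%, %TEMP% and %PROFILE% resolve per user; ProgramData and the Tasks folders are machine-wide. The `isfile` and `md5_of` parameters exist so the check can be pointed at a mounted image or a forensic export instead of the live file system.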

Win32.Trojan.Agent.NN1FRZ

Win32.Trojan.Agent.NN1FRZ is also known as Trojan.Win32.Z.Razy.968404[h] and TROJ_GEN.R01BC0OAI17.

Malware analysis of Win32.Trojan.Agent.NN1FRZ (KP_25204.EXE)

Created files:
  %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML
  %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE
  %APPDATA%\KP_25204.EXE
  %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
  %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Autostart registry keys:
  HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: ""
  HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: ""
  HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: ""
  HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: ""%APPDATA%\360SE6\APPLICATION\360SE.EXE""
  HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: "%SystemRoot%\explorer.exe I:\"
  HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: "%Program Files%\360\360Safe\safemon\360UDiskGuard.dll"
  HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: "%SystemRoot%\explorer.exe M:\"
  HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: "%Program Files%\360\360Safe\safemon\360UDiskGuard.dll"
  HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: "%SystemRoot%\explorer.exe V:\"
  HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: "%Program Files%\360\360Safe\safemon\360UDiskGuard.dll"
  HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: "%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll"
  HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: … (list truncated on this page)

Two caveats for reading this list. First, KP_25204.EXE behaves as an installer bundle: it drops an iQIYI setup package (IQIYISETUP_QUDAO@KB133.EXE) and MEMEZHIBO_RIA_TG2_SILENT_2.EXE into %APPDATA%, and the registry entries are the 360 Safe, 360 Secure Browser (360SE) and iQIYI registrations that exist on the machine after the run, so they describe the installed bundle rather than the dropper itself. The same key list is printed unchanged for three other samples on this page (SCMBMANAGER.EXE, YX_YXS_AB.EXE and SCCLOUD.EXE); compare it against a clean baseline before treating any key as an indicator of this particular file. The Flash SETTINGS.SOL file is likewise written by Flash Player itself and is not an indicator. Second, the one entry worth a closer look is the LocalServer32 of CLSID {0002DF01-0000-0000-C000-000000000046}, which is InternetExplorer.Application: with it pointing at %APPDATA%\360SE6\APPLICATION\360SE.EXE, anything that automates Internet Explorer through COM instead launches a browser from a user-writable directory.

Artemis!3BEB4C07187A

Artemis!3BEB4C07187A is also known as Trojan.Win32.Generic!BT, TROJ_GEN.R00XC0OAR17 and Adware.GenericKDCRTD.Win32.6052.

Malware analysis of Artemis!3BEB4C07187A (SCMBMANAGER.EXE)

Created files:
  %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe

Autostart registry keys: the page prints the same list of 360 Safe, 360SE and iQIYI registrations as in the Win32.Trojan.Agent.NN1FRZ entry above, truncated at the same point; none of them reference SmartCloudInput, so read that entry's caveat before using them.

SCMBManager.exe is one of several components of a "SmartCloudInput" input-method package installed under Program Files (version folder 1.0.6.1224); the Adware ( 004dd5ca1 ) entry below covers another file, SCCloud.exe, from the same package. Writing to Program Files means the installer ran elevated. Artemis!<hash> is McAfee's generic cloud detection name, in which the hex after the exclamation mark is the first 12 digits of the detected file's own MD5, so it identifies SCMBManager.exe itself rather than any dropper.

Riskware ( 004de7e01 )

Riskware ( 004de7e01 ) is also known as Trojan/Win32.BTSGeneric, Artemis!PUP and malicious (moderate confidence).

Malware analysis of Riskware ( 004de7e01 ) (YX_YXS_AB.EXE)

Created files:
  %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
  %APPDATA%\SETUP_ZNYKB050.EXE
  %APPDATA%\YX_YXS_AB.EXE
  %APPDATA%\?A?E?A.ICO (the name contains non-ASCII characters that were not preserved on this page)
  %PROFILE%\DESKTOP\360????.LNK (likewise)

Autostart registry keys: the same 360 Safe, 360SE and iQIYI registration list as in the Win32.Trojan.Agent.NN1FRZ entry above, truncated at the same point; see that entry's caveat.

This is another silent installer bundle: it drops further installers into %APPDATA% (MEMEZHIBO_RIA_TG2_SILENT_2.EXE, which also appears in the KP_25204.EXE entry, and SETUP_ZNYKB050.EXE) and leaves a desktop shortcut whose name begins with 360, presumably for the 360 product it installed. The installers in %APPDATA% are the files to hash and submit; the shortcut and icon are only evidence of what ran.

Adware ( 004dd5ca1 )

Adware ( 004dd5ca1 ) is also known as Trojan.Win32.Generic!BT, Adware.Softcnapp.23 and W32/Trojan.BIET-3634.

Malware analysis of Adware ( 004dd5ca1 ) (SCCLOUD.EXE)

Created files:
  %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
  %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
  %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
  %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys: the same 360 Safe, 360SE and iQIYI registration list as in the Win32.Trojan.Agent.NN1FRZ entry above, truncated at the same point; see that entry's caveat.

SCCloud.exe belongs to the same SmartCloudInput package as SCMBManager.exe in the Artemis!3BEB4C07187A entry above; between the two entries the package's contents under %Program Files%\SmartCloudInput\1.0.6.1224 are partly enumerated (DuiLib32.dll is the DuiLib UI library, Dict\yy.idx a dictionary index). The package as a whole, not the single flagged file, is what to remove, and the version folder name is a good anchor for a file-system search.

Win32.Trojan.Generic.Dvga

Win32.Trojan.Generic.Dvga is also known as Trojan.Xpack.Win32.678, HEUR:Trojan.Win32.Generic and Trojan.Win32.Z.Packed.540672[h].

Malware analysis of Win32.Trojan.Generic.Dvga (X0IJ2L.EXE)

Created files:
  %SYSDIR%\62631.NLS
  %SYSDIR%\X0IJ2L.EXE

Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

Both files land in System32, so the sample ran with administrative rights. The .NLS extension belongs to Windows code-page tables (C_1252.NLS and the like); a numerically named .NLS file appearing next to a freshly dropped executable is a disguise for a data or payload file and should be collected together with it. No autostart entry is recorded for this sample, so how it survives a reboot is not shown here. The same hash appears below as Trojan.Win32.Confuser.eksszq and Trojan ( 004be5b21 ).

Trojan.Generic.D45A705

Trojan.Generic.D45A705 is also known as Ransom.Locky and TR/AD.Zegost.jthbh.

Malware analysis of Trojan.Generic.D45A705 (UPDATE.COM)

Created files:
  %SYSTEMDRIVE%\UPDATE.COM
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
  HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"

Detected by UnHackMe: UPDATE.COM
Default location: %SYSTEMDRIVE%\UPDATE.COM
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

The original listing gave the WER3352.TMP.MDMP crash dump as the default location. That file is Windows Error Reporting's record of UPDATE.COM crashing during the run, not the malware; the service ImagePath shows the binary itself is installed directly in the drive root, and that is the path given above. Because the sample crashed, the behaviour captured here may be incomplete. The service name and display name are built from consecutive letters of the alphabet ("Cdefgh Jklmnopq Stu..."), which is a more durable hunting string than the generic file name UPDATE.COM. Note also that the aliases disagree on the family: Ransom.Locky from one vendor, Zegost from another (and BKDR_ZEGOST.SM13 below is the same hash). Persistence as a service is characteristic of Zegost, a Gh0st-derived backdoor, not of Locky, so plan the response around a backdoor rather than a file encryptor.

AdWare.Cdnhelper

AdWare.Cdnhelper is also known as Adware.Cdnup.A, Adware.Cdn and W32/Trojan.ZCAP-9292.

Malware analysis of AdWare.Cdnhelper (SETUP-REAL.EXE)

Created files:
  %TEMP%\~RNSETUP\CLNTXRES.DLL
  %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
  %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
  %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
  %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL

Autostart registry keys:
  HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

The ~RNSETUP directory and the RN*/RP* DLL names are those of a RealNetworks (RealPlayer) setup package, and the CNNIC subfolder and CNNIC_TOOLBAR.SPC are the bundled CNNIC toolbar; Microsoft's name for it, BrowserModifier:Win32/CNNIC, appears among the aliases of this same hash further down the page. The only registry change listed is the in-process server registration of the RichFX player plug-in under the Internet Explorer plug-ins folder, a browser component rather than a Run key, so check the browser's add-on list as well as the file system. The %TEMP%\~RNSETUP directory is the installer's unpack location and can be deleted once collected.

Trojan.Win32.Confuser.eksszq

Trojan.Win32.Confuser.eksszq is also known as W32/Trojan.XGLK-6260, Win32.Trojan.WisdomEyes.16070401.9500.9984 and Trojan.Crypt.

Malware analysis of Trojan.Win32.Confuser.eksszq (X0IJ2L.EXE)

Same sample as Win32.Trojan.Generic.Dvga above (dropper MD5 124848b137a9763a1400aeebed295255, detected file X0IJ2L.EXE in %SYSDIR% alongside 62631.NLS); the created files and default location are identical to that entry. The Confuser and Crypt labels refer to the obfuscator or packer the file is wrapped in, not to its behaviour.

W32/Trojan.ZCAP-9292

W32/Trojan.ZCAP-9292 is also known as Win32/Trojan.Adware.33f and Adware.Cdnup.A.

Malware analysis of W32/Trojan.ZCAP-9292 (SETUP-REAL.EXE)

Same sample as AdWare.Cdnhelper above (dropper MD5 115953246b798695c685478ca4497e9a, detected file SETUP-REAL.EXE in %TEMP%\~RNSETUP\CNNIC); the created files, the RichFX plug-in registration and the default location are identical to that entry.

Trojan.Agent/Gen-Wews

Trojan.Agent/Gen-Wews is also known as malicious (high confidence), "a variant of Win32/Wews87.A potentially unwanted" and PUA.Wews87!8.642 (cloud:8AaTlPhNa1R).

Malware analysis of Trojan.Agent/Gen-Wews (YX_DTS.EXE)

Created files:
  %TEMP%\NSSD2D1.TMP\SYSTEM.DLL
  %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE
  %TEMP%\NSSD2D1.TMP\YX_DTS.EXE
  %TEMP%\NSX1004.TMP\BG.BMP
  %TEMP%\NSX1004.TMP\BGWORKER.DLL

Autostart registry keys:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
  HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
  HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
  HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: "Rsd… (truncated on this page)

The %TEMP%\ns*.tmp directories and SYSTEM.DLL are the working directory and System plug-in of an NSIS installer, so YX_DTS.EXE is an NSIS-built bundler. What it installs matters more than the installer: a UC Browser downloader, and Rising's "Software Deployment System" (RSD), which persists three ways at once, through a Run key (RSDTRAY), a user-mode service (RsMgrSvc) and a kernel driver (service rsdsys, image PROTREG.SYS, displayed as "rsd protect"). The driver is the part to handle with care: a driver named "protect" typically exists to guard the rest of the package, so check whether it is loaded and whether it is signed before deleting service entries by hand, and prefer the recorded UninstallString if it works.

Win32/Trojan.Adware.33f

Win32/Trojan.Adware.33f is also known as BrowserModifier:Win32/CNNIC, W32/Trojan5.CJK and PE:Trojan.Win32.Generic.148B9C89!344693897.

Malware analysis of Win32/Trojan.Adware.33f (SETUP-REAL.EXE)

Same sample as AdWare.Cdnhelper above (dropper MD5 115953246b798695c685478ca4497e9a, detected file SETUP-REAL.EXE in %TEMP%\~RNSETUP\CNNIC); the created files, the RichFX plug-in registration and the default location are identical to that entry. The BrowserModifier:Win32/CNNIC alias is the most descriptive name on the page for this hash.

Ransom:Win32/Milicry.A

Ransom:Win32/Milicry.A is also known as Trojan.Generic.D461E6D, Win32:Malware-gen and Trojan.GenericKD.4595309.

Malware analysis of Ransom:Win32/Milicry.A (WDBVQ5VJ.EXE)

Created files:
  %APPDATA%\WDBVQ5VJ.EXE
  %APPDATA%\XJ0IRWTW.TMP
  %APPDATA%\F1.HTA
  %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA
  %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT

Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

Other vendors name this same hash as Sage ransomware (Ransom.SageCrypt, Ransom.SageLocker, Trojan-Ransom.Win32.SageCrypt.asr; see the entries below). The indicators fit: the sample copies itself to %APPDATA% under a random-looking eight-character name, drops the HTA ransom note !HELP_SOS.HTA next to the files it touched (here in a WARRIOR folder on the desktop) plus a second HTA in %APPDATA%, and the user-lexicon file under %APPDATA%\MICROSOFT\SPEECH is created when a process uses the Windows speech API, consistent with reports that Sage reads its ransom note aloud. For detection, the note's file name and an unexpected .HTA in %APPDATA% are the practical hooks. For response, the default location tells you which file to hash against the MD5 above, but by the time the note appears the user's files are already encrypted; removing the binary stops further damage and does not recover anything.

BKDR_ZEGOST.SM13

BKDR_ZEGOST.SM13 is also known as Trojan.Win32.Injector, Trojan.Win32.Rbot.ellhso and Trojan/Win32.Zegost.R196288.

Malware analysis of BKDR_ZEGOST.SM13 (UPDATE.COM)

Same sample as Trojan.Generic.D45A705 above (dropper MD5 09d50103a5a653680bb5e1b201b76f4d, detected file UPDATE.COM); the created files and the "Cdefgh Jklmnopq Stu" service are identical to that entry. The default location is %SYSTEMDRIVE%\UPDATE.COM, the path in the service ImagePath, not the WER crash dump the original listing printed. Two of the three aliases here agree on Zegost, a Gh0st-derived backdoor, which matches the service-based persistence better than the Ransom.Locky label given to the same hash above.

Trojan ( 0040ed1c1 )

Trojan ( 0040ed1c1 ) is also known as Trojan.Gen, Trojan.Generic.afrpn and malicious (high confidence).

Malware analysis of Trojan ( 0040ed1c1 ) (SYSJFZR.DLL)

Created files:
  %SYSDIR%\SPORDER.DLL
  %SYSDIR%\SYSJFZR.DLL
  %SYSDIR%\TMD625.DLL

Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

SPORDER.DLL is Microsoft's Winsock service-provider-order helper from the Platform SDK; a dropper that carries its own copy into System32 next to two unknown DLLs is almost always installing a Winsock Layered Service Provider, which puts one of those DLLs inside the network stack of every process that uses Winsock. Before deleting the DLLs, list the catalog with "netsh winsock show catalog" and look for an entry whose path is SYSJFZR.DLL or TMD625.DLL; if one is present, remove that entry (or run "netsh winsock reset") first, otherwise networking can break when the DLL disappears. The Troj.W32.Invader.mCVz entry below is the same dropper with TMD625.DLL as the detected file.

W32/Trojan5.CJK

W32/Trojan5.CJK is also known as Adware.Cdnup!RDqouidOmx0, BrowserModifier:Win32/CNNIC and Adware.Cdnup.A.

Malware analysis of W32/Trojan5.CJK (SETUP-REAL.EXE)

Same sample as AdWare.Cdnhelper above (dropper MD5 115953246b798695c685478ca4497e9a, detected file SETUP-REAL.EXE in %TEMP%\~RNSETUP\CNNIC); the created files, the RichFX plug-in registration and the default location are identical to that entry.

Troj.W32.Invader.mCVz

Troj.W32.Invader.mCVz is also known as HEUR/QVM39.1.3A53.Malware.Gen, ML.Attribute.HighConfidence and Win32.Trojan.WisdomEyes.16070401.9500.9999.

Malware analysis of Troj.W32.Invader.mCVz (TMD625.DLL)

Created files:
  %SYSDIR%\SPORDER.DLL
  %SYSDIR%\SYSJFZR.DLL
  %SYSDIR%\TMD625.DLL

Detected by UnHackMe: TMD625.DLL
Default location: %SYSDIR%\TMD625.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

Same dropper as Trojan ( 0040ed1c1 ) above, with the other dropped DLL as the detected file. Both DLLs arrive together with SPORDER.DLL, so the Winsock LSP check described in that entry ("netsh winsock show catalog") applies before either DLL is removed.

Trojan ( 004be5b21 )

Trojan ( 004be5b21 ) is also known as HEUR:Trojan.Win32.Generic, W32.Clodbc5.Trojan.1ac2 and malicious_confidence_100% (W).

Malware analysis of Trojan ( 004be5b21 ) (X0IJ2L.EXE)

Same sample as Win32.Trojan.Generic.Dvga above (dropper MD5 124848b137a9763a1400aeebed295255, detected file X0IJ2L.EXE in %SYSDIR% alongside 62631.NLS); the created files and default location are identical to that entry.

Win32/Virus.WebToolbar.d32

Win32/Virus.WebToolbar.d32 is also known as RiskWare[WebToolbar]/Win32.Linkury, WebToolbar.Linkury.amp and not-a-virus:HEUR:WebToolbar.Win32.Linkury.gen.

Malware analysis of Win32/Virus.WebToolbar.d32 (NETTRANS.EXE)

Created files:
  %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
  %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT
  %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML

Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: "%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE"
  HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: "Prefers Secure"

Detected by UnHackMe: NETTRANS.EXE
Default location: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
Dropper hash (MD5): 4fa73ad05d5a1156a69d2a1e63274d05

Despite the "Virus" in one vendor's name, every other alias classes this as the Linkury web-toolbar family, and the indicators are those of an adware service: a service named PrefersSecure whose image runs from ProgramData, a directory any local user can write to, together with an .exe.config file that marks NETTRANS.EXE as a .NET application. The WER ReportQueue entries show the service crashed under analysis, so the recorded behaviour is whatever it did before the crash. A service whose ImagePath points below ProgramData, AppData or Temp is a cheap, high-signal check to run on any host.

TROJ_GEN.R01BC0ECB17

TROJ_GEN.R01BC0ECB17 is also known as PUP/Win32.Linkury.R196393, Trojan.Win32.Generic!BT and W32.Adware.Gen.

Malware analysis of TROJ_GEN.R01BC0ECB17 (NETTRANS.EXE)

Same sample as Win32/Virus.WebToolbar.d32 above (dropper MD5 4fa73ad05d5a1156a69d2a1e63274d05, detected file NETTRANS.EXE); the created files, the PrefersSecure service and the default location %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE are identical to that entry. The PUP/Win32.Linkury alias again points at the Linkury toolbar family.
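Across the entries above, the autostart keys that carry real persistence come in three kinds: service ImagePath values (UPDATE.COM in the drive root, NETTRANS.EXE under ProgramData, the Rising PROTREG.SYS driver), Run keys (RSDTRAY) and COM server registrations (the InternetExplorer.Application CLSID pointing at 360SE.EXE). The following Python is an example added by the editor, not part of the original posts or of UnHackMe: it parses lines in the page's KEY\VALUE: "data" layout, classifies each as one of those mechanisms, and rates it by where the image lives. The severity rules and the one well-known CLSID are the example's own assumptions; the input lines are copied from the entries above.

```python
"""Triage the "Autostart registry keys" lines that the entries above print:
decide which are persistence mechanisms and how suspicious the image they
point at is.

Example code added by the editor, not UnHackMe's or the post author's.  The
severity rules and the one well-known CLSID are this example's assumptions."""
import re
from dataclasses import dataclass

# Lines in the page's own  KEY\VALUE: "data"  layout, copied from the
# UPDATE.COM, NETTRANS.EXE, YX_DTS.EXE and KP_25204.EXE entries
# (constructed input for the example; doubled quotes are as printed).
SAMPLE_LINES = [
    r'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: "%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE"',
    r'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"',
    r'HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""',
    r'HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: ""%APPDATA%\360SE6\APPLICATION\360SE.EXE""',
    r'HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: "%Program Files%\360\360Safe\safemon\360UDiskGuard.dll"',
    r'HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: ""',
]

# Roots as the page spells them.  Program Files, System32 and the Windows
# directory need admin rights to write; the others do not.  (Assumed rules.)
STANDARD_ROOTS = ("%PROGRAM FILES%", "%SYSDIR%", "%WINDIR%")
USER_WRITABLE = ("%APPDATA%", "%COMMON APPDATA%", "%TEMP%", "%PROFILE%")
# InternetExplorer.Application: anything that automates IE through COM is
# started from whatever LocalServer32 names.  (Assumed well-known CLSID.)
WELL_KNOWN_CLSIDS = {"{0002DF01-0000-0000-C000-000000000046}": "InternetExplorer.Application"}
CLSID_RE = re.compile(r"\{[0-9A-F-]{36}\}")


@dataclass
class Finding:
    mechanism: str   # "service", "kernel driver", "Run key" or "COM server"
    key: str         # registry key without the value name
    target: str      # image path with quotes and the \??\ prefix removed
    severity: str    # "high" or "low"
    reason: str


def parse_line(line):
    """Split  KEY\\VALUE: "data"  into (key, value name, raw data)."""
    left, sep, data = line.partition(": ")
    if not sep:
        raise ValueError(f"not a key/value line: {line!r}")
    key, _, value = left.rpartition("\\")
    return key, value, data


def clean_target(data):
    target = data.strip('"')
    if target.startswith("\\??\\"):        # NT object path prefix used for drivers
        target = target[4:]
    return target


def location_severity(target):
    root = target.upper().split("\\", 1)[0]
    if root in USER_WRITABLE:
        return "high", f"image under {root}, which a standard user can write to"
    if root in STANDARD_ROOTS:
        return "low", f"image under {root}"
    return "high", f"image under {root}, outside the usual program locations"


def triage(line):
    """Classify one line; None means it is not an autostart location."""
    key, value, data = parse_line(line)
    ukey = key.upper()
    target = clean_target(data)
    if "\\SERVICES\\" in ukey and value.upper() == "IMAGEPATH":
        mechanism = "kernel driver" if target.upper().endswith(".SYS") else "service"
    elif "\\CURRENTVERSION\\RUN" in ukey:
        mechanism = "Run key"
    elif "\\CLSID\\" in ukey and ukey.endswith(("\\LOCALSERVER32", "\\INPROCSERVER32")):
        mechanism = "COM server"
    else:
        return None
    severity, reason = location_severity(target)
    if mechanism == "COM server":
        clsid = CLSID_RE.search(ukey).group(0)
        if clsid in WELL_KNOWN_CLSIDS:
            severity = "high"
            reason = f"{WELL_KNOWN_CLSIDS[clsid]} {clsid} now served by {target}"
    elif mechanism == "kernel driver" and severity == "low":
        reason += "; still kernel code, check the driver's signature"
    return Finding(mechanism, key, target, severity, reason)


def triage_all(lines):
    return [f for f in map(triage, lines) if f is not None]


if __name__ == "__main__":
    for f in triage_all(SAMPLE_LINES):
        print(f"[{f.severity}] {f.mechanism:13} {f.target}  ({f.reason})")
```

The location rule is deliberately coarse: it catches the NETTRANS.EXE service under ProgramData and UPDATE.COM in the drive root, while letting the Rising components under Program Files through as low severity even though that package is itself unwanted. Location answers "could a non-admin have put this here", not "is this software wanted", so pair it with the file hashes and names from the entries.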

Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI)

Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI) is also known as Ransom.SageLocker, Trojan.Win32.Filecoder and Atros5.RXZ.

Malware analysis of Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI) (WDBVQ5VJ.EXE)

Same sample as Ransom:Win32/Milicry.A above (dropper MD5 12c6a555b5ddbfb1106159320c06c390, detected file WDBVQ5VJ.EXE in %APPDATA%); the created files, including the !HELP_SOS.HTA ransom note, and the default location are identical to that entry. These aliases name the family explicitly as Sage.

GenericR-JLF!12C6A555B5DD

GenericR-JLF!12C6A555B5DD is also known as Trojan.GenericKD.4595309 and Trojan.Win32.Generic!BT.

Malware analysis of GenericR-JLF!12C6A555B5DD (WDBVQ5VJ.EXE)

Same sample as Ransom:Win32/Milicry.A above (dropper MD5 12c6a555b5ddbfb1106159320c06c390, detected file WDBVQ5VJ.EXE in %APPDATA%); the created files and default location are identical to that entry. The hex in this McAfee-style name is the first 12 digits of that MD5, which is a quick way to confirm the alias refers to the same file.

TR/Crypt.Xpack.ykxwa

TR/Crypt.Xpack.ykxwa is also known as Trojan-Ransom.Win32.SageCrypt.asr, Trj/CI.A and Ransom:Win32/Milicry.A.

Malware analysis of TR/Crypt.Xpack.ykxwa (WDBVQ5VJ.EXE)

Same sample as Ransom:Win32/Milicry.A above (dropper MD5 12c6a555b5ddbfb1106159320c06c390, detected file WDBVQ5VJ.EXE in %APPDATA%); the created files, including the !HELP_SOS.HTA ransom note, and the default location are identical to that entry. The Crypt.Xpack name refers to the packer; the SageCrypt alias is the one that identifies the ransomware family.
